Knowledge Base: Spotting Red Flags in Emails & Social Engineering

 

End User Guide to Minimize Damage or Intrusion

1. Common Red Flags of Spam & Fake Emails

  • Suspicious sender address (e.g., misspelled domains).
  • Urgent or threatening language ("Your account will be locked in 24 hours").
  • Unusual attachments or links (hover over a link to check the real URL).
  • Requests for sensitive information (passwords, credit cards, SSNs).
  • Poor spelling and grammar.
  • Too-good-to-be-true offers.

2. Social Engineering Tactics

  • Impersonation of authority (boss, IT, vendor).
  • Pretexting (fake stories to trick you).
  • Phishing types: spear phishing, whaling, smishing, vishing.

3. How End Users Can Do Their Part

Should Do

  • Think before you click (hover over links).
  • Verify requests through trusted channels.
  • Use “Report Phishing” tools in your email client.
  • Update devices regularly (OS, browser, antivirus).
  • Check with IT/Security when in doubt.

Should Not Do

  • Do not click unknown links or open unexpected attachments.
  • Do not reply to suspicious messages.
  • Do not provide credentials or financial information by email.
  • Do not reuse work passwords on personal sites.

4. Quick Self-Check Before Acting

  1. Do I know this sender?
  2. Is the email expected?
  3. Are there spelling/grammar errors?
  4. Is it creating urgency or fear?
  5. Does the link match the website?
  6. Should I verify through another channel?

✅ Quick User Checklist

  • Inspect sender and links.
  • Stop if the email pressures you to act fast.
  • Avoid opening unknown attachments.
  • Verify requests by phone or in person.
  • Report suspicious emails immediately.

 
