This week, we're focusing on the single most common entry point for attacks: links and attachments, and why your vigilance and reporting are our best defences.

The Dangers Behind Suspicious Links

A single click can lead to immediate compromise. Malicious links can do several things:

• Credential Theft: The link may take you to a realistic-looking phishing site designed to steal your username and password the moment you try to log in.
• Malware Installation: Clicking the link could silently trigger the download and installation of malicious software, such as ransomware or spyware.
• Account Takeover: The link might try to steal the temporary data that keeps you logged in, allowing the attacker to take over your active account without needing your password.

How to Handle Unexpected Links or Attachments

Your rule of thumb should always be Stop, Look, and Verify.

• Verify the Sender: Look beyond the displayed name. Check the actual full email address for misspellings or unusual domains (e.g., micros0ft.com instead of microsoft.com).
• Hover Before You Click: On a computer, hover your mouse over any link to see the true destination URL in the corner of your screen. If the displayed name doesn't match the destination URL, do not click.
• Do Not Scan Unexpected QR Codes: QR codes are essentially hidden links. If you see an unexpected QR code in a public place, in an email, or on a physical flyer, treat it as a suspicious link and do not scan it.
• Check Attachments: Never open an unexpected attachment, especially if it ends in suspicious extensions like .zip, .exe, or .js. If you need the file, verify with the sender using a different communication method (like a phone call).

Why Reporting Suspected Phishing Attacks is Important

When you report a suspicious message, you're not just protecting yourself—you're protecting the entire team.

• Preventing Future Attacks: Once an attack is reported, our IT team can analyse it, block the malicious sender, and quarantine the dangerous link/attachment for everyone else.
• Improving Defences: Every reported attack helps us tune our security filters and automated tools to recognise and stop similar threats immediately.

Thank you for participating in Cyber Security Awareness Month! Your vigilance is the most important layer of defence for all of us.