Essentials Training
Prepared for Southeastern Pneumatic
Module 2 of 3
Security Awareness Training

Phishing & Suspicious Messages

Learn to spot fake emails, text messages, and phone calls designed to trick you into giving up credentials or personal information.


What is Phishing?

Phishing is when an attacker sends you a fake message pretending to be a company or person you trust. The goal is to trick you into clicking a dangerous link, opening a harmful file, or giving away your password.

Phishing attacks come through email, text messages (called "smishing"), and even phone calls (called "vishing"). They all work the same way: create trust, create urgency, then get you to act before thinking.

Why this matters: You use your work email and HR portal regularly. Attackers know this and create messages that look exactly like real HR notifications, password resets, or payroll updates.

How to Spot a Fake Email

1. Check the Sender Address

Look at the full email address, not just the display name. Fake emails use addresses that look close to real ones but have small differences.

Did you catch it? The address uses "rn" instead of "m" in "equipment." On a small screen, "rn" looks identical to "m." Always look closely at the full sender address.

2. Hover Over Links Before Clicking

Move your mouse over any link without clicking to see where it actually goes. The real destination appears in the bottom corner of your browser. If it does not match what the email claims, do not click it.

webmail.bulkequipment.com/inbox
Dear Employee,

Your benefits enrollment closes tomorrow. Click below to update your selections:

Update My Benefits Now
https://benefitportal-secure.com/steal-credentials/login.php
Watch the cursor hover over the link. The real URL appears in the status bar below.
The link text is fake: What you see ("Update My Benefits Now") can say anything. The real destination shows in your browser's bottom bar when you hover. Here it reveals a completely different, malicious website.

3. Watch for Urgency and Pressure

Fake messages create panic so you act before thinking. Common pressure phrases:

  • "Your account will be locked in 2 hours"
  • "Your direct deposit has been suspended"
  • "Verify your identity within 24 hours"
  • "Unusual login detected on your account"

4. Look for Generic Greetings

Real emails from your company usually use your name. Phishing emails say "Dear Employee" or "Dear User" because the attacker does not know who you are.
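
The four checks above can also be applied automatically by a mail filter. The following is an added example, not part of the original training material, that runs them against the benefits email shown in this module. The trusted domain `bulkequipment.com`, the sender address `hr@bulkequiprnent.com`, and the phrase lists are assumptions constructed from the page's text.

```python
from urllib.parse import urlparse

TRUSTED_DOMAIN = "bulkequipment.com"  # assumption: taken from the page's webmail address
URGENCY = ("will be locked", "has been suspended", "within 24 hours",
           "unusual login", "closes tomorrow")
GENERIC = ("dear employee", "dear user")
SHORTENERS = {"bit.ly"}
# Sequences that render like another letter (the page's "rn" vs "m" case).
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Collapse confusable sequences so visually similar domains compare equal."""
    d = domain.lower()
    for fake, real in LOOKALIKES:
        d = d.replace(fake, real)
    return d

def is_trusted(host):
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def link_host(href):
    """Host a link really points to; tolerates links written without a scheme."""
    parsed = urlparse(href if "://" in href else "//" + href)
    return (parsed.hostname or "").lower()

def red_flags(sender, body, links):
    """links is a list of (visible_text, href) pairs; returns the flags raised."""
    flags = []
    domain = sender.rsplit("@", 1)[-1].lower()
    if not is_trusted(domain):
        lookalike = skeleton(domain) == skeleton(TRUSTED_DOMAIN)
        flags.append("lookalike sender domain" if lookalike else "external sender domain")
    for _text, href in links:  # the visible text is ignored: it can say anything
        host = link_host(href)
        if host in SHORTENERS:
            flags.append("shortened link hides destination: " + host)
        elif not is_trusted(host):
            flags.append("link leaves company domain: " + host)
    text = body.lower()
    flags += ["urgency phrase: " + p for p in URGENCY if p in text]
    if any(g in text for g in GENERIC):
        flags.append("generic greeting")
    return flags

# Constructed sample: the page's benefits email, sent from an "rn"-for-"m" address.
SAMPLE = red_flags(
    "hr@bulkequiprnent.com",
    "Dear Employee,\n\nYour benefits enrollment closes tomorrow. Click below to update your selections:",
    [("Update My Benefits Now", "https://benefitportal-secure.com/steal-credentials/login.php")],
)
```

A message from the real domain with a personal greeting and an internal link raises no flags, while the sample raises all four.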

Real-World Examples

Fake Benefits Email

Red flags: The domain "benefitportal-secure.com" is not your company. Uses "Dear Employee" instead of your name. Creates urgency with a deadline and threat of cancellation.

Text Message Phishing (Smishing)

Attackers also target you through text messages. These are designed to look like they come from your employer or a trusted service.

10:47 AM
+1 (555) 892-4411
BULK EQUIPMENT HR: Your direct deposit has been suspended due to a verification error. Verify your bank info now: bit.ly/3xK9mN2
Red flags: HR will never text you asking to verify bank details through a link. Shortened URLs (bit.ly) hide the real destination. Real payroll issues are handled in person or through official channels.

Vishing: Phone Call Scams

Phishing does not always come through email or text. Attackers also use phone calls to trick employees into sharing credentials or sensitive information.

Example Phone Call
"Hi, this is Mike from IT. We're seeing some unusual activity on your account and I need to verify your identity. Can you confirm your username and password so I can check the logs?"
The truth: Real IT support will never ask for your password. They can reset it without knowing it. If someone calls asking for credentials, hang up and call IT directly using a number you already know from the company directory.
Caller ID can be faked: Attackers can make their phone number appear as any number they want. Just because the caller ID shows your company's number does not mean the call is legitimate.

What to Do

If You Receive a Suspicious Message

  • Do not click any links or open any attachments.
  • Do not reply to the message, even to say "stop."
  • If it was a phone call, hang up. Do not give any information.
  • Report it to your manager or IT support.
  • Delete it after reporting. Do not forward to coworkers.

If You Are Unsure Whether a Message Is Real

  • Go directly to the source. Type the website address yourself. For your HR portal, use the URL you normally use.
  • Call or ask in person. Contact the supposed sender using a number you already know, not one from the message.
The golden rule: When in doubt, do not click. Go directly to the website yourself or call the sender. A legitimate request will still be there when you verify through a trusted channel.

If You Already Clicked a Suspicious Link

  • Change your password immediately from a different device if possible.
  • Tell your manager or IT right away. Speed matters. The sooner they know, the faster they can protect your account.
  • Do not feel embarrassed. Reporting quickly is the most important thing you can do. These attacks fool experienced people every day.

Knowledge Check

Answer all 5 questions to test what you have learned.

Passing score: 80% (4 out of 5)
Question 1 of 5
You receive an email from "benefits@benefitportal-secure.com" saying your enrollment closes tomorrow. What is the biggest red flag?
Question 2 of 5
You get a text message: "BULK EQUIPMENT PAYROLL: Your direct deposit failed. Verify your bank details here: bit.ly/2kR9xM." What is the best action?
Question 3 of 5
Someone calls claiming to be from your company's IT helpdesk. They say your account has been flagged for suspicious activity and they need your password to investigate. What should you do?
Question 4 of 5
What is the best way to check if a link in an email is safe before clicking it?
Question 5 of 5
You accidentally clicked a link in a suspicious email and entered your password on a page that looked like your HR portal. What is the most important thing to do first?