Spear phishing emails target specific organizations to gain unauthorized access to confidential data. These emails often contain links and attachments that can install malware if opened. To avoid becoming a victim, exercise caution with email links, images, and attachments by verifying the sender and not entering personal information on unsolicited pop-ups. Additionally, keep passwords secret and change them regularly according to any password policies to maintain account security.

1. Security Awareness
Sanoop S | Network & Information Systems Security Architect
Email Security
Spear Phishing: Don't Trust the Links Sent by Email Messages
We noticed many of the employees receiving spear phishing / Spam content emails. This kind
of attack happens all the time. But you don’t have to be a victim.
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking
unauthorized access to confidential data.
In many cases, spear-phishing emails use attachments made to appear as legitimatedocuments
because sharing via email is a common practice among largeenterprises and government
organizations.
Phishing messages that appear to be from a bank, shop or auction, giving a link to a fake
website and asking you to follow that link and confirm your account details. Many Phishing
emails we received recently Subject like: Upgrade Email Storage, Finance Statements, LPO. The
fraudsters then use your account details to buy stuff or transfer money out of the account. These
fake sites can be hard to spot, so no reputable organization will send a message requesting your
confidential information.
 Approach links in email messages with caution
Avoid clicking a link in an email message unless you are sure of the real target address, URL, or a
valid sender. Before you click a link, make sure to read the target address. If the email message
appears to come from your bank, but the target address is just a meaningless series of numbers, do
not click the link.
 Approach images in e-mail with caution
Just as a beacon within the oceans transmits a message or data back to a source, images within
email messages —also known as “web beacons” — can be used to secretly send a message back to
the sender. Spammers rely on information returned by these images to locate active e-mail

2. addresses. Images can also contain harmful codes and can be used to deliver a spammer's message
in spite of filters.
 Approach attachments in email messages with caution
Attachments might be viruses or spyware that download to your machine when you open the
attachment file. If you don't know whom the attachment is from or if you weren't expecting it, DO
NOT open the attachment.
 Don't trust the sender information in an e-mail message
Even if the email message appears to come from a particular sender that you know and trust, use
the same precautions that you would use with any other email message. Spoofing is email activity in
which the sender address and other parts of the email header are altered to appear as though the
email originated or was sent from a different source. This is a common practice of spammers and is
one of the hardest to combat as there may be legitimate reasons to spoof an address.
 Don't trust offers that seem too good to be true
If a deal or offer in an email message looks too good to be true, it probably is. The best defense is to
exercise your common sense when you read and respond to email messages.
 Don't enter personal or financial information into pop-up windows
One common phishing technique is to launch a fake pop-up window when someone clicks a link in a
phishing e-mail message. To make the pop-up window look more convincing, it might be displayed
over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid
entering sensitive information, because there is no way to check the security certificate.
Keep your password secret:

3. Email Password |Computer Login Password | Application Login Password
Employees need to understand that keeping their passwords to themselves is critical to their
companies' security, Your Company expects you to use your password to stop others misusing
your computer account. If you share your password, you may be held responsible for what other
people do with it.
For safe and Secure IT Infrastructure we implement Account Lockout Policy If any one enter
wrong password more than 5 times your computer account will be locked.
Password Expiry: You will be prompted to change password every 90 Days.
Always change your default password set by IT.