Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

A Short Guide for Spotting Phishing Attempts

You receive an urgent phone call from a woman who claims to be an IRS agent. She says there’s been an issue with your tax bill. She asks for your banking information to process the payment. It sounds serious. 

It’s easy to see why scams such as these are successful. Criminals convince people to act by assuming a position of authority and creating a sense of urgency. This type of cyber-attack is called social engineering. It leverages social tendencies to trick victims into taking a particular action.

When this scam takes place via email, it’s called phishing. A single phishing campaign can bring in millions, making it lucrative for cybercriminals. In 2017 a phishing email sent to Google and Facebook employees resulted in $100 million wired to a cybercriminal overseas (Fortune). Thankfully, one of the best protections against phishing is in your hands. To defend against these attacks, you must learn how to spot suspicious emails.

How phishing works

Phishing attacks have come a long way since the famous “prince-who-will-wire-you-money” scam. Today they leverage spoofed email addresses. They’ll include proper grammar and will use a malicious attachment or link to spur activity. Sometimes the link will lead to a site that appears legitimate, like an email or bank login page. But, it is actually spoofed and collecting user credentials maliciously. In other cases, the email will include an attachment which might be malware. Let’s dive in with a few examples.

Example 1: Suspicious login attempt


After clicking on the link in this phishing email, the user is directed to a website that appears to be a legitimate login page. However, a close look will show that the domain is not from Microsoft.


Example 2: Malicious link


In this example, the email content seems urgent – but the link is actually malicious. Cybercriminals leverage the recipient’s innate desire to act in order to attract clicks.

Example 3: Malicious file


The attachment, in this case, could be malware made to look like a PDF. TIP: Never open or download email attachments that aren’t from trusted senders.

If you see something…

Here’s what to do if you spot a suspicious email: notify your IT security team or CISO (Chief Information Security Officer). They may have policies in place for handling suspected phishing. Examples include forwarding the email to a secure inbox for analysis or deleting it from your inbox. Above all, do not click on any links or download attachments if you do not know the email sender. Remember, legitimate organizations will never ask for sensitive information via an unsolicited email.

Training is key

Teaching employees how to spot phishing emails is key to defending against attacks. Make sure they know what to do if they spot a suspicious email, such as:

  • Don’t open the email, click on any links, or download/open any attachments
  • Report the email to your IT security team
  • Follow organizational security policies

CIS offers phishing services to help organizations test their cyber defenses. Our cybersecurity experts work with IT teams to create a customized phishing email that emulates a real-world attack scenario. At the end, we develop a report to identify the methodology used and a breakdown of the results. The report also comes with a list of recommendations to assist with the mitigation and handling of a potential phishing attack.