How to detect phishing emails

From HEIN+FRICKE

1. Purpose

To provide guidelines for identifying and reporting phishing emails to protect company systems, data, and employees from malicious attacks.


2. Scope

Applies to all employees and interns using company email accounts or devices.


3. Employee Responsibilities

  • Review emails carefully before clicking links or opening attachments.
  • Verify sender addresses and look for unusual content or urgent requests.
  • Never share passwords or sensitive information via email.
  • Report suspected phishing emails immediately to the IT team at support@heinfricke.services.

4. Detection Guidelines

  • Check sender details for legitimacy.
  • Hover over links to verify URLs before clicking.
  • Avoid opening unexpected attachments.
  • Confirm unusual requests directly with the sender via a separate communication channel.

5. Reporting Process

  • Forward suspicious emails to support@heinfricke.services.
  • Include the sender, subject, and any actions taken (for example, whether a link was clicked or an attachment opened).
  • IT will acknowledge receipt and provide guidance.

6. Compliance & Monitoring

  • IT monitors and investigates reported phishing emails.
  • Non-compliance or ignoring phishing emails may result in disciplinary action.

7. Policy Review

This policy is reviewed annually or when email security threats or regulations change.


8. Acknowledgement

Employees must confirm they have read and understood this policy by signing the Phishing Awareness Acknowledgement Form.