Phishing is a type of fraud aimed at obtaining confidential user or company data. The Network Monitoring and Management Center analyzed the growth of phishing attacks in Russia in 2024, revealing a 425% increase.
Targeted phishing is a planned attack aimed at specific company employees to steal corporate data, gain access to internal systems, or disrupt infrastructure operations.
How fraudsters deceive:
- Research the company by reviewing social media, company structure, and communication style.
- Forge emails from managers or colleagues using cloned domains. For example, instead of name@company.com, they use name@companny.com.
- Create fake accounts in messengers and impersonate real employees, complete with profile photos.
- Send malicious files disguised as, for example, requests to update software.
- Create fake login pages to steal passwords.
Test your ability to recognize phishing. Answer 10 questions.
Question 1. You work at a company with the @mycompany.com email domain. You received an incoming email. Is it phishing?
From: CEO@MYC0MPANY.COM
To: Everyone
Subject: IMPORTANT. URGENT. About bonuses
Hello, colleagues!
As part of our plans to introduce a new motivation and bonus system in our company, all employees must complete a survey via the following link: HTTPS://SURVEY.MYC0MPANY.COM. Deadline: today by 4:00 PM.
Best regards, CEO of "My Company"
Find the answer
This is a phishing email. Here are the signs:
- The email lacks specific sender and recipient details.
- The link replaces the letter O with a zero.
- The link leads to a fake website.
Question 2. You received an email. Is it phishing?
Hello!
In response to your estimate for supplying home appliances, please complete the contractor form (attached document: card.pdf.exe) and send it back via email to continue our collaboration.
Best regards, "Company name"
Find the answer
This is a phishing email. Here are the signs:
- The email lacks a specific sender.
- The attachment card.pdf.exe is a file with an exe extension, not a pdf: the last extension determines the file type. File formats like exe, scr, bat, and vbs can be malicious.
Question 3. You received an email. Is it phishing?
Hello!
As we prepare for our corporate event, please vote for the venue. Other companies are actively booking locations, so voting must be completed today.
Voting link: https://event.mycompany.som
Find the answer
This is a phishing email. The scammer changed the top-level domain (domain zone) from com to som.
Question 4. Is this email phishing?
From: HelpDesk@HelpDesk.com
Subject: Urgent CRM update
Hello, sales department colleagues!
Due to a critical error in our CRM, there is a risk of losing all deal data. You must urgently download and run the update (attachment: update.exe).
Best regards, Paul Johnson
IT Lead Specialist
paul@mycompany.com
LLC My Company
Find the answer
This is a phishing email. The sender is forged. Instead of @mycompany.com, it uses @HelpDesk.com.
Question 5. Which email service can be used for work correspondence?
- @gmail.com
- Only corporate services
- Any services, as long as you know the recipient
Find the answer
Separate personal and work correspondence. Use only corporate services for work emails. This protects the company from sensitive information leaks.
Question 6. Select the signs of a phishing email:
- Urgency in task completion
- Generic greeting — no name or position
- Links with character substitutions, like O replaced with 0
- Attachment with an exe file format
Find the answer
The correct answer: all of the listed options are signs of phishing.
Question 7. Is this link address fake — https://googlediscover.com.xyz?
Find the answer
Yes, this address is fake. An extra domain, xyz, is added after com, so the real top-level domain is xyz and googlediscover.com is only a prefix in front of it. You can check site ownership on Whois services like https://www.nic.com/whois/.
Question 8. Is this link address fake — http://205.0.112.45?
Find the answer
The link may be phishing if:
- The site address is a bare IP address instead of a domain name.
- The protocol is http instead of https. Without the letter s, there is no encryption.
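The signs from Questions 1 to 8 (character substitution, a changed or extra top-level domain, an IP address instead of a domain name, http, an executable attachment) can be checked mechanically. The following Python code is an added example, not part of the original quiz; the function names, the digit-to-letter map and the 0.9 similarity threshold are assumptions chosen for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = "mycompany.com"                    # corporate domain from the quiz
RISKY_EXT = {"exe", "scr", "bat", "vbs"}     # formats named in Question 2
DEHOMOGLYPH = str.maketrans("0135", "oles")  # assumed digit-for-letter swaps

def check_host(host, trusted=TRUSTED):
    """Return the phishing signs for a host name; [] means it is the trusted domain."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return ["host is a bare IP address"]
    except ValueError:
        pass
    if host == trusted or host.endswith("." + trusted):
        return []
    clean, plain = host.translate(DEHOMOGLYPH), trusted.translate(DEHOMOGLYPH)
    if clean == plain or clean.endswith("." + plain):
        return ["character substitution in domain"]
    if "." + trusted + "." in "." + host + ".":
        return ["trusted name followed by an extra domain"]
    name, tld = trusted.rsplit(".", 1)
    labels = host.split(".")
    if labels[-2:-1] == [name] and labels[-1] != tld:
        return ["top-level domain changed"]
    if SequenceMatcher(None, ".".join(labels[-2:]), trusted).ratio() >= 0.9:
        return ["near-miss spelling of domain"]
    return ["domain is not the corporate one"]

def check_sender(address, trusted=TRUSTED):  # domain part of a From: address
    return check_host(address.rsplit("@", 1)[-1], trusted)

def check_url(url, trusted=TRUSTED):  # host signs plus a missing https scheme
    parts = urlsplit(url.lower())
    signs = check_host(parts.hostname or "", trusted)
    if parts.scheme != "https":
        signs.append("no HTTPS")
    return signs

def check_attachment(filename):  # executable format, decoy extension before it
    parts = filename.lower().split(".")
    if parts[-1] not in RISKY_EXT:
        return []
    signs = ["executable attachment"]
    if len(parts) > 2:
        signs.append("double extension hides the real type")
    return signs
```

An empty result only means that none of these signs fired: the message in Question 9 carries the correct @mycompany.com address in its signature and still has to be confirmed with the manager directly.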
Question 9. You received a message.
Hi, I can't reach your manager Paul. It's urgent to pay the invoice for equipment supply. Attachment: invoice.pdf.
Best regards, Paul Johnson
paul@mycompany.com
+12345678912
CEO of LLC My Company
What will you do next:
A. Call your manager Paul to confirm the task. Do nothing until he confirms. If it's phishing, immediately inform the Security Department.
B. Urgent tasks from management must be completed immediately, and checking emails for phishing is the responsibility of the Security Department.
C. Start following the email instructions immediately but inform your manager simultaneously.
Find the answer
The correct answer is A. Any employee can encounter phishing, so it's important to:
- Take your time — urgency in emails is often a sign of deception.
- Verify the sender — domain, name, and email style.
- Consult colleagues if something seems suspicious.
Security depends on every employee.
Question 10. Your friend sent a file about a sale to your work laptop. You:
- Called them to clarify details
- Checked the file extension
- Scanned it with antivirus software — no threats found
- And only then opened the document
Did you do everything correctly?
Find the answer
The correct answer is no. While this wasn't a scam and you were communicating with a friend, your work laptop contains corporate data, and even accidental actions can lead to data leaks.
Follow these rules to avoid risks:
- Download personal files only on personal devices.
- Use your work laptop exclusively for work.
This way, you protect yourself and your company.