Links, Attachments & Downloads
A single click can be all it takes — a bad link to a fake login page, or a harmful attachment that infects your device. You do not need to inspect every file like an expert. You just need to be careful with anything unexpected, and to check where a link really goes before you trust it.
Links and attachments are how a lot of attacks actually land. A link can lead to a convincing fake site that steals your password, or to malware. An attachment — even one that looks like an invoice, CV, or scanned document — can carry something harmful, especially if it asks you to "enable content" or "enable macros".
The rule of thumb is about expectation and source: was this expected, and is it really from who it claims? If you weren't expecting it, or anything feels off, don't click or open — check first.
Before you click or open
- Do: Hover over (or long-press) a link to see the real address before clicking, and be wary if it's unrelated, odd, or a look-alike of a real site.
- Do: For important sites (your bank, work logins), type the address yourself or use a saved bookmark instead of clicking a link in a message.
- Do: Be cautious with unexpected attachments, and only download software and files from sources you trust and are approved to use.
- Always: Treat any document that asks you to "enable macros" or "enable content" to view it as dangerous — close it and report it.
When in doubt
- Do: Verify with the sender through a known channel if an attachment or link is unexpected — a quick message confirming "did you send this?" is enough.
- Do: Report suspicious links and attachments to security, and if you clicked or opened something, say so immediately (see Report It).
- Do not: Plug in a USB stick or device you found or were given unexpectedly — hand it to IT instead.
- Never: Enter your password or a code on a page you reached by clicking a link in an unexpected message.
- Never: Install software, browser extensions, or apps from unknown or unapproved sources onto a work device.
Ask yourself
- Ask: Was I expecting this link or file, and is it genuinely from who it says?
- Ask: Where does this link actually go when I hover over it?
- Ask: Is it pressuring me to enable something, install something, or log in? That's a red flag.