CISA encourages users and administrators take the following actions to avoid becoming a victim of social engineering and phishing attacks:
- Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the internet for the main website of the organization or topic mentioned in the email).
- Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.
- Immediately report any suspicious emails to your information technology helpdesk, security office, or email provider.