Let's Go Phishing

Hello,

Oops, you were hacked/ hunted.

Phishing is one of the digital theft techniques to steal your identity, which is highly detrimental, leading to financial losses, data breaches, reputational damage, and other serious consequences for individuals and organizations alike.

Last year, we launched an internal phishing campaign to measure our employees’ security intellect. The Campaign resulted in victimizing a couple of colleagues, and today we would like to highlight the tips to detect phishing emails:

1. Advice: Always check the sender’s email if it is one of the proper channels of communication or not.

it-support@orange.com is not a legitimate email for communication with the employees. At OJO we have:
1. ZZZ INTERNAL COMMUNICATION - ORANGE JO: <internal.communication@orange.com>
2. OJO IT Helpdesk: ojo.ithelpdesk@orange.com

2. Advice: Always question any request asking for sensitive information like password, credit card details, bank account…etc. Your credentials are unique to you and should never be shared with anyone, including friends or colleagues.

Your username and password are the keys to your digital life, and it's crucial to keep them safe to prevent unauthorized access and protect your privacy. Rest assured that no one is authorized to ask for your credentials. Sharing them will pose serious security risk resulting in what is known as data breach and identity theft.

3. Advice: Always inspect any URL before clicking on it, by hovering over it and look for any items that look suspicious or unfamiliar to you

When you hover over “confirm your password” URL link - moving your cursor over the link without clicking it- it displays a preview of the linked page's URL or title before deciding whether to click on it. The URL contains many signs that it is not legitimate link including:

1.The link starts with http, instead of https. The last ensures that the data that is exchanged between your browser and the website is encrypted and secure from eavesdroppers or attackers.

2.Orange is misspelled.

3. The page that the URL lands on is not branded with orange or any of the commonly used pages.

4. Advice: When the contact details are provided, explore them if they are the common ones

Have you noticed that the numbers at the end of the email, was not the help desk number; 1660. This is another clue to suspect the email

The training will need 40 minutes, so get your coffee ready while exploring the course, and remain focused to pass the course with at least 80% to collect your visa and prize*.

There will be limited number of prizes, so be ready to win!

Stay Tuned to win and stay secure!

Whenever you suspect any email, you can always refer to helpdesk (16060) on ojo.ithelpdesk@orange.com or report it to nisops.ojo@orange.com