How to Avoid a Phishing Attack

• Think about it. Be cautious of emails, calls, or text messages that require you to act immediately or request personal or financial information.
• Be cautious of hyperlinks. Don’t click on hyperlinks in emails or text messages. Always type the URL in the search bar instead.
• Change passwords regularly. Update your password regularly, and make sure they are strong by combining letters, numbers, and symbols.
• Don’t ignore updates. Make sure all of your devices are updated with the latest software.
• Avoid pop-ups. Popups are often linked to malware. Never click the “close” button and instead always look for an “X” in the corner of the popup.

If the phishing incident occurred outside of work, you can report it to the following organizations:

• Cybersecurity and Infrastructure Security Agency: Report@cisa.gov
• Federal Trade Commission: reportfraud.ftc.govExit Disclaimer: You Are Leaving www.ihs.gov 
• FBI Internet Crime Complaint Center: www.ic3.govExit Disclaimer: You Are Leaving www.ihs.gov 

Where to report the phishing incident if it has occurred at work:

If you suspect a phishing incident has occurred at work, report it to the IHS Cybersecurity Incident Response Team at Incident@ihs.gov, or report it using the Report Phishing button in your Outlook toolbar.