Massachusetts Division of Banks · MA

2025 Cybersecurity Awareness Month: Recognize and Report Phishing

October 27, 2025

Summary

The Massachusetts Division of Banks issued guidance for financial service providers to recognize and report sophisticated phishing attempts. Firms are expected to implement employee training, utilize email filtering systems, and establish formal reporting procedures for suspicious communications.

  • Division of Banks
  • Office of Consumer Affairs and Business Regulation

How can you tell if a message is phishing?

  • A tone that's urgent or makes you scared

Ex: "Click this link immediately or your account will be closed."

  • Sender email address doesn’t match the company it’s coming from

Ex: Amazon.com vs. Amaz0n.com

  • Unexpected communications such as an email or attachment you weren't expecting
  • Requests to send personal info

Ex: Legitimate organizations don't ask for personal information through email or an unexpected call

  • Misspelled words, bad grammar and odd URLs

Be aware that AI will make spotting these more challenging – stay diligent.

What should you do if you spot a phish?

DO

  • Verify that the communication is real and contact the sender directly through known phone numbers or emails.
  • Report it to your IT department or email/phone provider.
  • Use email filters. Many email services have filters that can help prevent phishing messages from ever reaching your employees’ mailboxes.
  • DELETE IT.

DON'T

  • Don't click any links you don’t trust, even “unsubscribe” (just delete).
  • Don't click any attachments you were not expecting or do not recognize.

Division of Banks

The Division of Banks (DOB) is the chartering authority and primary regulator for financial service providers in Massachusetts. DOB's primary mission is to ensure a sound, competitive, and accessible financial services environment throughout the Commonwealth.

Office of Consumer Affairs and Business Regulation

The Office of Consumer Affairs and Business Regulation protects and empowers consumers through advocacy and education, and ensures a fair playing field for the Massachusetts businesses its agencies regulate.

Image credits: Cybersecurity and Infrastructure Security Agency: CISA.gov

Source: https://www.mass.gov/news/2025-cybersecurity-awareness-month-recognize-and-report-phishing
