CyberAlberta has developed a practical email safety resource tailored for Alberta organizations.
Alberta Organizations are welcome to use this content in full or in part for internal communications. Simply add your logo or branding and share with your teams. Minor edits for tone, formatting, or organizational context are encouraged to help tailor the message to your audience.
Use it across newsletters, internal posts, onboarding materials, or awareness campaigns to help users recognize phishing attempts and take everyday steps to stay secure.
Think Before You Click – Everyday Email Safety
Cybersecurity isn’t just the responsibility of IT teams—it’s something everyone plays a role in. One of the most common ways cybercriminals gain access to systems is through email. Whether you're working in a government office, a business, a nonprofit, or remotely, phishing emails can target anyone. Here’s how to stay safe.
Spot Suspicious Links and Attachments
If an email contains unexpected attachments or links, pause before opening. Ask yourself:
- Were you expecting this?
- Is the sender someone you know and trust?
- Does the file name or link look odd?
Always check the sender’s email address carefully. Subtle misspellings, extra characters, or unusual domains can be signs of a scam. For example, an email from [email protected] instead of [email protected] could be a red flag. Even if the message appears to come from someone familiar, attackers can spoof email addresses to trick you.
Hover Before You Click
Before clicking any link, take a moment to preview it:
- On a computer: hover your mouse over the link to see the full URL.
- On a phone or tablet: tap and hold the link to reveal where it leads.
If the URL looks suspicious, misspelled, or unfamiliar—don’t click.
If the message appears to come from an organization your team regularly works with, take time to verify it. Contact the organization directly using known contact details, check with a colleague, or simply come back to it later. Rushing increases risk—slowing down helps you stay secure.
Recognize Urgency and Emotional Triggers
Phishing emails often use urgency or emotional manipulation to get you to act quickly. Be cautious of messages that say things like:
- “Your tax refund is ready—log in now to claim it.”
- “Unusual activity detected on your account.”
- “Invoice ready for payment” or “Invoice ready for approval.”
- “Sign documents to avoid delays.”
- “Click now to avoid penalties.”
These tactics are designed to make you react before thinking. Take a breath, slow down, and verify the message before taking any action. If you're unsure, check with a colleague or come back to it later.
What to Do If You Clicked
Mistakes happen. If you accidentally click a suspicious link or open a questionable attachment, act quickly:
- Report the incident to your IT or security team right away.
- Change your passwords immediately, especially for sensitive accounts.
- Avoid entering any personal information—especially if the link leads to a form or login page.
- Run a malware scan on your device to check for threats.
- Disconnect from the internet, if possible, to prevent further exposure.
Quick action can make all the difference in minimizing potential damage.