Protect yourself from phishing

CSS IT Desk CSS IT Desk Knowledgebase Cyber Security

👁 1,324 views 📖 10 min read 📁 Cyber Security

🛡

Security Awareness

Phishing is the #1 entry point for cyberattacks. One click can compromise your account — and the entire CSS Group network. This guide equips you to recognise, avoid, and report phishing attempts.

🤖

What is Phishing?

Understanding the threat

Phishing is a cyberattack where criminals impersonate trusted organisations, brands, or colleagues — via email, SMS, WhatsApp, Teams, or phone calls — to trick you into:

Clicking a malicious link leading to a fake login page
Opening an infected attachment
Sharing your password, OTP, or MFA code
Approving a fake MFA push notification
Wiring money or purchasing gift cards for a "manager"

🚫 Critical Reminder

You are the most important line of defence. A single click can expose your credentials, lock you out of your account, and give attackers a foothold inside the entire CSS Group network.

🔎

6 Warning Signs to Watch For

Pause and inspect any message showing one or more of these

💌

Suspicious Sender Address

Lookalike domains: cssdubai-group.com
Gmail pretending to be CSS
Letter swaps: rn instead of m
Display name says "Finance" but address is random

⏱

Urgency & Pressure

"Your mailbox deletes in 24 hours"
"Suspicious login — verify NOW"
"CEO needs this urgently"
"Pay immediately or service stops"

📎

Unexpected Attachments

Invoices or voicemails you did not expect
Files: .html .zip .iso .lnk .docm .xlsm
Links that say one thing, go somewhere else
Shortened URLs in business emails

💷

Unusual Requests

"Don't loop in Finance, pay directly"
Gift card purchases for management
Re-entering password from an email link
Approving MFA you did not trigger

✍

Poor Language / Generic Greeting

"Dear Customer," "Dear User,"
Awkward phrasing or broken grammar
Tone does not match the supposed sender
AI phishing now has fewer typos — do not rely on grammar alone

🛑

"External" Banner on Internal Mail

Claims to be from a CSS colleague
But carries the "External" warning label
Treat as phishing until IT confirms otherwise

💡 Remember

Legitimate internal CSS mail always comes from an @cssdubai.com address. Hover over (or long-press) the sender name to reveal the real email address hidden behind the display name.

🎮

Common Phishing Scenarios at CSS

Know what attackers are sending to CSS employees

🔐

Fake Microsoft 365 Login

Email about quarantined messages, password expiry, or storage limits — asks you to "sign in" via a link to a convincing fake Microsoft page that steals your credentials.

👔

CEO / Manager Fraud

Short message from "the CEO" asking you to buy gift cards, share your number, or urgently pay an invoice — often while they are "in a meeting" and cannot be called.

📄

Fake Invoice / Purchase Order

PDF or DOCX from an unknown vendor with a payment link or changed bank account details. Always verify new bank details by calling the vendor on a number you already have on file.

💼

HR / Payroll Bait

"Updated salary structure," "bonus letter," or "new HR policy" with a link to a fake login page designed to steal your Office 365 credentials.

🚚

Courier / Delivery Notification

"Your DHL / Aramex package is undeliverable — confirm your address" with a link or suspicious attachment. Especially common around holidays and peak periods.

📱

MFA Fatigue Attack

Attackers who already have your password send repeated MFA push notifications hoping you tap "Approve" to stop them. Never approve a prompt you did not trigger.

🚨

Received a Suspicious Message? Do This.

Follow these steps in order — do not skip ahead

⚠ STOP • THINK • REPORT

Phishing relies on you acting before thinking. Take a breath before doing anything.

Do NOT click any links

Even "unsubscribe" links can confirm your email is active and trigger tracking pixels on the attacker's server.

Do NOT open any attachments

Office macros, PDFs with embedded scripts, and HTML files can all execute malware the moment you open them.

Do NOT reply or forward to colleagues

Replying confirms your address is live. Forwarding can spread tracking pixels or expose others to the threat.

Report it to IT

Use the Report Phishing button in Outlook, or raise a ticket at the CSS IT Desk / email itsupport@cssdubai.com. Attach as .eml or .msg — do not forward inline.

Delete the email

After reporting, delete it. Your inbox is not a safe resting place for a live threat to sit.

🔴

Already Clicked or Entered Credentials?

Act within the first 15 minutes — every minute counts

⏰ Speed Matters — First 15 Minutes Are Critical

Do not wait to see if anything happens. By the time you notice unusual activity, the attacker has already acted.

Disconnect from the network immediately

Unplug the LAN cable and turn off Wi-Fi. This stops malware from calling home or spreading laterally.

Call the IT Helpdesk — do not email

If your email account is compromised, it may already be monitored by the attacker. Call or Teams-message IT directly.

Change your password from a trusted device

Use your phone or another PC — not the potentially compromised machine. Also change it on every site where you reused that password.

Sign out of all Microsoft 365 sessions

Do this from your phone, or ask IT to force-revoke all active sessions from the admin centre immediately.

Watch for unusual activity — do NOT clean up

Check for sent emails you did not write, inbox rules you did not create, and calendar events you did not add. Do not delete anything — IT needs the evidence to contain the incident.

🔒 Password Reuse is Dangerous

If you entered your CSS password on a fake site, assume it is now compromised on every other site where you reused it. Change it everywhere — and start using the company password manager going forward.

✅

Daily Habits That Keep You Safe

Build these into your routine

🔍 Hover Before You Click

Always check where a link actually goes. The URL in the status bar is the truth — not the hyperlinked text shown in the email.

📞 Verify Through a Second Channel

If "your manager" emails an unusual request, call or Teams-message them directly using a contact you already have on file — do not reply to the email.

🔒 Never Share OTPs or MFA Codes

No legitimate IT staff, bank, or service provider will ever ask for your password, OTP, or MFA approval code. Not ever.

📱 Deny Unexpected MFA Prompts

A push you did not trigger means someone already has your password. Deny it immediately, report to IT, and then change your password.

💻 Type URLs Manually

Log in to services by typing the address yourself or using a saved bookmark — never by clicking a link from inside an email.

🔐 Use the Password Manager

Use a unique, strong password for your CSS account and never reuse it elsewhere. Let the company password manager generate and store all your credentials securely.

📋

Quick Reference Card

Print this and keep it at your desk

If you see this...	Do this immediately
Unexpected attachment (invoice, voicemail, HR letter)	Do not open. Report.
Urgent payment or wire transfer request	Call sender on a known number to verify.
MFA push notification you did not request	Deny. Change password. Report to IT.
Login page reached by clicking an email link	Close it. Type the URL manually instead.
"External" banner on mail claiming to be from CSS	Treat as phishing. Report.
You clicked a bad link or entered credentials	Disconnect. Call IT now. Change password.
Gift card request from "manager"	Always a scam. Report immediately.

📞

🛡 Need to Report? Contact IT Security

📧 it-desk@cssdubai.com — attach the suspicious email as .eml or .msg

📋 CSS IT Desk — raise a ticket via the self-service portal

👉 Report Phishing button in Outlook — fastest method, sends full email headers directly to IT

There is no penalty for reporting — even if you already clicked.
Early reporting protects everyone. When in doubt, ask IT.

Was this article helpful?

← Go Back 📁 Cyber Security

Protect yourself from phishing

IT Support Chat

Start a Live Chat

No Agents Available