Phishing emails are fake messages designed to trick you into sharing your password, clicking unsafe links, or downloading harmful files. They often look like they come from Microsoft, HR, or even your supervisor — but something small will be off, like the sender’s address, tone, or link spelling. Always look carefully before you click. Real internal messages will come from the official company domain, not Gmail or unknown senders.

If you ever receive a message asking for your password, payment, or urgent action, do not reply or click anything. Instead, take a screenshot or forward the email to the IT team for review. It’s always better to double-check than risk exposing patient data or your login credentials.

Most phishing emails can be spotted by three signs: (1) spelling or grammar mistakes, (2) unexpected attachments or links, and (3) urgent or fear-based wording like “Your account will be locked.” Trust your instinct — if something feels off, report it immediately. IT will confirm whether it’s safe and block the sender if needed.