Phishing Awareness — Study Guide
Review these materials before taking the exam. All links open in the Krumware Confluence IO space.
Key Concepts
- What is phishing? — A social engineering attack in which someone impersonates a trusted entity to steal information or credentials, or to install malware.
- Attack channels: Email, Slack/Teams, SMS (smishing), phone calls (vishing).
- Red flags: Urgency/threats, sender domain mismatch, suspicious links, unexpected attachments, generic greetings, requests for credentials.
- Link verification: Hover before clicking. Check the actual domain. Navigate directly instead of clicking.
- If you spot phishing: Don't click, don't forward, report to IT via Slack, mark as spam, delete.
- If you clicked something: Disconnect if you downloaded anything, report immediately, change your passwords, verify MFA. There is no punishment for reporting.
- Reporting order: Slack (primary) → Email (secondary) → Phone (critical).
Policy References
| Document | Relevance |
|---|---|
| TRN-005 Incident Response Quick Reference | How to report phishing and other security incidents |
| POL-013 Incident Response Policy | Full incident response policy — severity levels, response team, notification requirements |
| POL-007 Acceptable Use & Communications Policy | Acceptable use of email, messaging, and communications systems |
| POL-010 Security Awareness & Training Policy | Training requirements and security awareness program |
| TRN-001 Phishing Awareness Guide | Full training guide — the source material for this module |
Related Playbooks
| Document | When It Applies |
|---|---|
| PLB-003 Credential Compromise Playbook | If you entered credentials on a phishing site |
| PLB-002 Data Breach Playbook | If phishing led to unauthorized data access |
| PLB-001 Ransomware Playbook | If a phishing attachment delivered ransomware |
Related Procedures
| Document | Relevance |
|---|---|
| PRC-007 Incident Response Procedure | Step-by-step incident handling process |