Working safely online: instructions and best practices

We are increasingly faced with cyber threats, which very often target employees using company email and systems. This guide will help you quickly recognize suspicious situations and respond in a way that protects both you and your entire organization. By following a few simple rules, you can effectively reduce the risk of a successful attack.

The biggest cybersecurity threats in 2025

Cyber threats can take the form of:

  • e-mails,
  • text messages (smishing),
  • phone calls (vishing),
  • fake websites,
  • messages in instant messengers (Teams, WhatsApp, Messenger, etc.).

How to recognize a suspicious email or text message?

Pay attention to the following warning signs:

  • The sender has a strange address (e.g., support@micr0soft-secure.com instead of @microsoft.com)
  • The message contains linguistic or spelling errors
  • The content includes an urgent request for action (“log in immediately,” “your account will be blocked”)
  • It asks you to provide passwords, login details, or card numbers
  • It contains links or attachments that you did not expect
  • After you click a link, the website address differs from the original domain (e.g., bank24-login.com instead of bank24.com)

Dangerous attachments:

  • .exe, .bat, .scr, .js, .zip, and .rar files
  • Word/Excel documents asking you to enable macros
  • PDF files with links redirecting you to external websites
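The warning signs above can be checked mechanically. The following is an added example (not part of the original guide) that scores a message against them: a lookalike sender domain, an urgent call to action, a request for credentials, a link whose domain does not match an expected one, and a dangerous attachment extension. The allowlist of trusted domains, the message layout (a dict with from/body/attachments) and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of domains the organization expects mail and links from.
TRUSTED_DOMAINS = {"microsoft.com", "bank24.com"}
DANGEROUS_EXTENSIONS = {".exe", ".bat", ".scr", ".js", ".zip", ".rar"}
URGENCY_PHRASES = ("log in immediately", "account will be blocked", "immediately update")
DIGIT_SWAPS = str.maketrans("0134", "olea")  # 0->o, 1->l, 3->e, 4->a

def registered_domain(host):
    """Last two labels of a hostname, e.g. mail.bank24.com -> bank24.com (assumes .com-style TLDs)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def is_lookalike(domain, trusted):
    """True if `domain` imitates `trusted` via digit-for-letter swaps or extra hyphenated words."""
    if domain == trusted:
        return False
    name = trusted.split(".")[0]
    tokens = domain.split(".")[0].split("-")  # micr0soft-secure -> ["micr0soft", "secure"]
    return any(t == name or t.translate(DIGIT_SWAPS) == name for t in tokens)

def warning_signs(msg):
    """Return the warning signs from the guide that a message (dict with from/body/attachments) shows."""
    signs = []
    sender = registered_domain(msg["from"].split("@")[-1])
    if sender not in TRUSTED_DOMAINS and any(is_lookalike(sender, t) for t in TRUSTED_DOMAINS):
        signs.append(f"lookalike sender domain: {sender}")
    text = msg["body"].lower()
    if any(p in text for p in URGENCY_PHRASES):
        signs.append("urgent call to action")
    if re.search(r"\b(password|login details|card number)\b", text):
        signs.append("asks for credentials or card data")
    for url in re.findall(r"https?://\S+", msg["body"]):
        link = registered_domain(urlparse(url).hostname or "")
        if link not in TRUSTED_DOMAINS:
            signs.append(f"link leads to unexpected domain: {link}")
    for name in msg.get("attachments", []):
        if "." + name.lower().rsplit(".", 1)[-1] in DANGEROUS_EXTENSIONS:
            signs.append(f"dangerous attachment: {name}")
    return signs

# Constructed sample message combining the guide's own examples.
SAMPLE = {
    "from": "support@micr0soft-secure.com",
    "body": "Log in immediately or your account will be blocked: "
            "https://bank24-login.com/auth and confirm your password.",
    "attachments": ["invoice.pdf.exe"],
}

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE):
        print("-", sign)
```

A real mail gateway would add checks this sketch omits (DMARC results, homoglyphs beyond digits, double extensions), but even this small set catches every cue the guide lists.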

How to respond to suspicious messages?

  • Do not click on links or open attachments from suspicious emails.
  • Do not reply to the message, even if it looks official.
  • Report suspicious activity.
  • Save the message; do not delete it before forwarding it for verification.
  • If it concerns a customer or partner, contact them through another channel (by phone or a known email address).
  • Scan the website or link for viruses using online tools such as Norton Safe Web or NordVPN.

What not to do:

  • Do not give out your passwords via email or phone.
  • Do not log in to a website opened from a link in a message.
  • Do not install software from unknown sources.

If you suspect that you have clicked on a malicious link, opened an attachment, or provided your login details:

  • Disconnect your computer from the internet (disconnect Wi-Fi or the network cable).
  • Do not turn off your computer – the IT department may need information about the incident.
  • Report the incident to the security department or your supervisor (immediately!).
  • Change the passwords for accounts that may have been compromised.
  • Inform your colleagues if the incident may have affected them (e.g., phishing was sent from your account).

How to prevent attacks?

  • Use strong, unique passwords (at least 12 characters, different for each account).
  • Enable two-factor or multi-factor authentication (2FA/MFA) wherever possible.
  • Update your system and software regularly.
  • Do not install programs and applications without approval.

Type of scam/fraud: Email phishing (fake login pages)
  What the attack looks like: You receive an email asking you to log in to a company system, Office 365, Google Workspace, etc. The link leads to a fake login page.
  How to respond: Do not click the link; check the sender’s address and domain. Report the email to the IT department.

Type of scam/fraud: Fake invoices / bank account change fraud
  What the attack looks like: The email looks like it’s from a contractor and contains a “new bank account number” or an “invoice correction.” Often impersonates a known company.
  How to respond: Always confirm account changes by phone with the contractor. Do not make any transfers without verification.

Type of scam/fraud: “CEO fraud” / impersonation of executives
  What the attack looks like: A message allegedly from a supervisor with an urgent request for a transfer or confidential data. Often sent from a similar-looking address (e.g., director@company-support.com).
  How to respond: Confirm the request by phone or via the official company communicator. Do not act on instructions from unknown addresses.

Type of scam/fraud: Impersonation of IT or helpdesk staff
  What the attack looks like: An email or phone call claiming an “account update” or “system failure.” The scammer asks for your login, password, or remote access.
  How to respond: Do not share login details or remote desktop access. Report the situation to the real IT department.

Type of scam/fraud: Fake document-sharing invitations
  What the attack looks like: You receive an unexpected invitation to open a file on SharePoint, Google Drive, etc. The link points to a suspicious site.
  How to respond: Do not open it. Verify with the sender whether they really shared the document. Inform the security team.

Type of scam/fraud: Internal spear phishing (targeted attack)
  What the attack looks like: A message appears to come from a coworker and contains project details or company data. The goal is to gain access to systems or client information.
  How to respond: Carefully verify the email address (typos, domain). Report any unusual request for data.

Type of scam/fraud: Fake B2B offers / orders from “new clients”
  What the attack looks like: You receive an attractive business offer or a large order. They request prepayment, company documents, or bank account details.
  How to respond: Verify the contractor: check the domain, business registry details, and their website. Do not send data without confirmation.

Type of scam/fraud: Fake system notifications / update alerts
  What the attack looks like: A pop-up or email says you must “immediately update” your system, antivirus, VPN, etc.
  How to respond: Install updates only from official sources or via IT. Never click update links sent by email.

Type of scam/fraud: Scam via company communicator (Teams, Slack)
  What the attack looks like: A new user or someone with a similar name requests documents or login data.
  How to respond: Check the user profile. If anything seems suspicious, report it to IT.

Type of scam/fraud: HR-targeted attack (malicious CV attachments)
  What the attack looks like: An email with a job application contains a malicious .doc or .zip attachment. Opening it runs malware.
  How to respond: Open only documents from known sources. Report suspicious attachments.

Type of scam/fraud: Fake courier or equipment supplier scam
  What the attack looks like: An email or phone call asks for payment of “additional delivery costs” or “extra fees for company shipment.”
  How to respond: Do not click payment links. Contact the actual supplier.

The 3-second rule:

Before you click, pause for 3 seconds and ask yourself:

  • Did I expect this message?
  • Do I know the sender?
  • Does anything look strange here?