Phishing in the Workplace

Imagine this… You’re finishing up emails late on a Friday afternoon when a message from the HOD lands in your inbox:
“Hey, I’m heading into a last-minute meeting with the board. I need you to grab $200 worth of gift cards for the board members as an appreciation gift. Send me the codes ASAP — I’ll reimburse you Monday.”
It looks legit. The tone feels right. The signature matches. What would you do?
Imagine you receive an email titled: “ACTION REQUIRED: Open Enrollment Benefits Summary Attached”
The message says HR has uploaded new documents for your review, and you need to log in to the company portal using the link provided. You click, land on a page that looks familiar, and enter your credentials.
Only it wasn’t your real HR portal. Now the attacker has your login details.
Or imagine early Monday morning, you see an urgent message from the IT department:
“Security Alert: Suspicious login activity on your account. Click here to verify your identity and reset your password immediately.”
Seems legit, right? And the message feels urgent. But what if it wasn’t coming from the IT department at all? Now the attacker has your login details, and the link installs malware designed to spread across the network — within hours, sensitive company data is at risk.
These are just a few examples of how easily phishing attacks can slip through the cracks — even at the most security-conscious organizations. Let’s break down how these attacks work, what they look like, and how you can protect yourself and the company.
In today’s interconnected world, cyber threats are evolving faster than ever — and phishing remains one of the most dangerous and widespread. As civil service employees, you are on the front lines of this digital battlefield. One click on a malicious link can compromise company data, cause financial loss, and damage reputations. That’s why understanding phishing and knowing how to respond is critical to your role in safeguarding the organization.
What is Phishing?
Phishing is a cyberattack where attackers impersonate legitimate sources to trick individuals into revealing sensitive information — like passwords, financial data, or access credentials. These deceptive messages typically arrive via email, but they can also come through text messages (smishing), voice calls (vishing), or even collaboration platforms like Zoom or Microsoft Teams.
Common Phishing Tactics
Phishing emails are getting more sophisticated. Here are some things to look out for:
· Urgent language: “Your account will be suspended in 24 hours!” to provoke fear and rush your response.
· Spoofed addresses: A sender’s name may appear familiar, but the email address might be subtly off — e.g., john.smith@yourcornpany.com (“rn” in place of “m”) instead of yourcompany.com. In more sophisticated cases the displayed address can be entirely correct, because the sender field itself has been forged.
· Attachments and links: These might install malware or lead to fake login pages designed to steal your credentials.
· Impersonation: Attackers may pose as your HOD, HR, or IT department to increase credibility.
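The spoofed-address tactic above can be checked mechanically at the mail gateway or in a triage script. The following is an added example, not code from the original article or from any vendor product: it parses a raw From: header, folds common visual substitutions (such as “rn” for “m”) and flags a domain that only looks like the organisation’s own. The trusted domain yourcompany.com is taken from the article’s example; the sample headers, the confusable-character table and the function names are constructed for this illustration.

```python
"""Flag lookalike sender domains in From: headers.

Added example for the 'Spoofed addresses' tactic; not part of the original page.
"""
from email.utils import parseaddr

# The organisation's own domain, taken from the article's example (a placeholder
# in practice: substitute your real mail domains).
TRUSTED_DOMAINS = {"yourcompany.com"}

# Character sequences commonly substituted to make a forged domain read like the
# real one. This table is an assumption for the example, not an exhaustive list.
# Multi-character pairs come first so they are folded before single characters.
CONFUSABLES = [
    ("rn", "m"),
    ("vv", "w"),
    ("cl", "d"),
    ("0", "o"),
    ("1", "l"),
    ("5", "s"),
]


def normalize(domain: str) -> str:
    """Fold visual substitutions so 'yourcornpany.com' becomes 'yourcompany.com'."""
    folded = domain.lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def is_trusted(domain: str, trusted: set) -> bool:
    """True for an exact trusted domain or a subdomain of one (mail.yourcompany.com)."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def looks_like_trusted(domain: str, trusted: set) -> bool:
    """True when a non-trusted domain imitates a trusted one.

    Two patterns are covered: character substitution (caught by normalize) and the
    organisation's name embedded in an unrelated domain, e.g.
    yourcompany.com.example-login.net, which a reader may skim as the real domain.
    """
    folded = normalize(domain)
    if is_trusted(folded, trusted):
        return True
    org_labels = {t.split(".")[0] for t in trusted}
    return any(label in folded for label in org_labels)


def classify_sender(from_header: str, trusted: set = TRUSTED_DOMAINS) -> dict:
    """Return a verdict for a raw From: header value.

    verdict is one of:
      'trusted'   - address domain is a trusted domain or a subdomain of one
      'lookalike' - domain is not trusted but imitates a trusted one
      'external'  - domain is unrelated to the trusted set (or unparseable)
    name_claims_org is set when the display name invokes the organisation while
    the address does not belong to it: a separate signal worth surfacing.
    """
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    if is_trusted(domain, trusted):
        verdict = "trusted"
    elif looks_like_trusted(domain, trusted):
        verdict = "lookalike"
    else:
        verdict = "external"
    compact_name = display_name.lower().replace(" ", "")
    name_claims_org = verdict != "trusted" and any(
        t.split(".")[0] in compact_name for t in trusted
    )
    return {
        "display_name": display_name,
        "address": address,
        "domain": domain,
        "verdict": verdict,
        "name_claims_org": name_claims_org,
    }


if __name__ == "__main__":
    # Constructed sample headers, modelled on the scenarios in the article.
    samples = [
        '"John Smith" <john.smith@yourcompany.com>',
        '"John Smith" <john.smith@yourcornpany.com>',
        '"YourCompany IT Support" <helpdesk@mail-example.net>',
        '"HR Portal" <no-reply@yourcompany.com.example-login.net>',
        "Alerts <alerts@mail.yourcompany.com>",
    ]
    for header in samples:
        result = classify_sender(header)
        print(f"{result['verdict']:9} name_claims_org={result['name_claims_org']!s:5} {header}")
```

Run as a script it prints one verdict per header; as a module, `classify_sender` can be called from a gateway rule or a helpdesk triage tool. A lookalike verdict or a display name that claims the organisation should route the message to the reporting contact below rather than to the recipient’s inbox.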
What To Do If You Suspect a Phish
1. Do not click links or download attachments.
2. Do not reply to the message.
3. Report it immediately: Public Sector personnel contact the IT Department; Government personnel contact the Computer Services Department (CSD) at 244-2000.