What is phishing?
Email is one of the largest forms of traffic on the internet, so phishing is also one of the most common cyber attacks seen in the wild. Phishing is a type of social-engineering attack in which an attacker, often posing as a legitimate source, tricks a user by sending links to a malicious login page, attaching malicious files to an email or text message, or stealing sensitive data from the user.
How to check if an email is legitimate?
Check the display name. Sometimes attackers will spoof the email display name in hopes of tricking a user. To ensure the authenticity of the sender's email, hover over the display name and check if the sender's email address originates from @braintreepayments.com or @paypal.com. Make sure to check the sender's email address closely since many attackers try to substitute different characters for the company name. For example, PayPal might be PayPaI (the second uses an uppercase 'i' instead of a lowercase 'L').
Be aware of senders posing as a Braintree representative who demand that something be completed urgently.
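The display-name check above can be automated for a mailbox or a reporting tool. The following is an added example, not Braintree's own code: it parses a From header, compares the address domain with the two domains named above, and flags look-alike spellings such as PayPaI. The function names, the brand-word list, the small look-alike table and the sample headers are assumptions constructed for this illustration, and only ASCII substitutions are covered.

```python
from email.utils import parseaddr

# Sender domains the page names as legitimate.
TRUSTED = {"braintreepayments.com", "paypal.com"}
# Brand words to look for in a display name (assumption for this example).
BRANDS = ("paypal", "braintree")
# Constructed, deliberately small table of look-alike characters.
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def fold(text):
    """Map look-alike characters to the letter they imitate, then lowercase."""
    # Translate before lowercasing: an uppercase 'I' must become 'l', not 'i'.
    return text.translate(LOOKALIKES).lower().replace("rn", "m")


FOLDED_TRUSTED = {fold(d) for d in TRUSTED}


def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'display-name-spoof', 'untrusted' or 'unparseable'."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2]
    if domain.lower() in TRUSTED:
        return "trusted"
    # Domain only matches a trusted one after folding: a substituted character.
    if fold(domain) in FOLDED_TRUSTED:
        return "lookalike"
    # Display name claims the brand but the address is from somewhere else.
    if any(brand in fold(display) for brand in BRANDS):
        return "display-name-spoof"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    samples = [
        '"PayPal" <service@paypal.com>',
        '"PayPal Support" <service@paypaI.com>',
        '"Braintree Support" <help@mail-notify.example>',
        '"Weekly Deals" <news@shop.example>',
    ]
    for header in samples:
        print(f"{classify_sender(header):20} {header}")
```

A "trusted" result only means the address text matches; the From header itself can be forged, so treat it as one signal alongside the other checks on this page.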
Avoid Unknown Links
Hover over links in an email to see the actual destination URL. If you are not 100% certain about the true destination of the link, report it to firstname.lastname@example.org.
Only open attachments if you know the sender is legitimate and the file is safe. Beware of unknown file names or extensions.
What to do if you received a suspicious email?
Do not click on any links in the email
Do not download any attachments
Do not enter any sensitive information
Do not respond to the sender
Do not change the subject line or forward the message as an attachment