Indonesia

Security Awareness: Beware of Phishing & Social Engineering

Learn to recognize the characteristics of suspicious emails, safely check suspicious links, and taking proper actions without sharing any credentials.

Why Are You Seeing This Page?

You are seeing this page because you clicked a link in a suspicious email or entered your login details in a fake login page — this was a simulated phishing attack. This exercise aims to help employees learn how to identify and handle suspicious emails safely.

Common Signs of Phishing

  • The sender's domain or link looks similar to, but does not exactly match, the official domain.
  • Pressure tactics: “Your account expires within 24 hours”.
  • Unsolicited attachments or links requesting login credentials/OTP codes.
  • Spelling mistakes, poor formatting, and demands for sensitive information.

How to Safely Verify Links

Always verify the main domain and use official bookmarks to log in. Never log in through email links.

Examples of safe vs. dangerous URLs
  • Safe: https://portal.perusahaan.co.id/login
  • Dangerous: https://portal-perusahaan.co.id.secure-auth.example.com

FAQs

Is this campaign collecting my data?

No. This is purely educational. No passwords or personal data are collected.


How should I report a suspicious email?

Email your company SOC/IT helpdesk with complete headers and screenshots attached.