Phishing is the most common attack vector used against financial organisations. This guide covers how to identify, avoid, and report phishing attacks across every channel — email, links, SMS, phone, and social engineering.
Phishing is a social engineering attack where criminals impersonate trusted entities — colleagues, banks, software providers, or AQRM itself — to trick you into revealing credentials, transferring money, or installing malware. Attackers do not need to hack our systems if they can hack you instead.
Bulk phishing
Bulk emails impersonating trusted brands. The attacker casts a wide net hoping someone clicks. Usually contains urgency, a fake link, or a malicious attachment.
Spear phishing
Targeted attacks using your name, role, or company details. The attacker researches you on LinkedIn before sending. Far more convincing — and far more dangerous — than generic phishing.
Business email compromise (BEC)
Attacker impersonates a colleague, manager, or CEO. Often requests urgent wire transfers or login credentials. Accounts may be genuinely compromised — verify all unusual financial requests by phone.
Smishing
Phishing delivered by SMS. Often impersonates banks, delivery services, or IT teams. Messages typically contain a shortened URL hiding the real destination.
Vishing
Attackers call you directly, impersonating IT support, banks, or regulators. They use pressure and authority to extract passwords or remote access. Your IT team will never call asking for your password.
Whaling
Spear phishing specifically targeting senior executives or high-value employees. Attackers invest significant time crafting highly personalised, convincing attacks — including fake legal notices or regulatory correspondence.
These examples show realistic phishing emails you may receive, annotated with exactly what to look for. Compare them against legitimate counterparts.
Attackers replace letters with near-identical character combinations. The most dangerous is 'rn' replacing 'm' — at normal reading speed they are virtually indistinguishable, especially in email address fields where people rarely look closely.
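The 'rn' for 'm' trick can be caught mechanically as well as by eye. The script below is an added example, not tooling from AQRM or from this guide: it reads the address out of a From header, collapses confusable character sequences into the letter they imitate, and reports when the result collides with a trusted domain. It also catches one-character typosquats with an edit-distance check. The domain aqrm.example is a placeholder for AQRM's real mail domain and every sample address is constructed.

```python
"""Lookalike sender-domain check.

Added example, not AQRM's own tooling. 'aqrm.example' stands in for the real
company domain; all sample From headers below are constructed.
"""
from email.utils import parseaddr

TRUSTED_DOMAINS = sorted({"aqrm.example", "microsoft.com"})

# Character sequences that look alike at reading speed, mapped to the
# character they imitate. 'rn' -> 'm' is the classic case.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def sender_domain(from_header: str) -> str:
    """Domain of the actual address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def skeleton(domain: str) -> str:
    """Collapse confusable sequences so lookalikes map onto the real name."""
    s = domain.lower()
    for lookalike, real in CONFUSABLES:
        s = s.replace(lookalike, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 means a single added/removed/changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'unknown', or a description of the lookalike found."""
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return f"lookalike of {trusted} (confusable characters)"
        if edit_distance(domain, trusted) <= 1:
            return f"lookalike of {trusted} (one character off)"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, including the 'rn' -> 'm' substitution.
    for header in [
        "AQRM IT Support <helpdesk@aqrm.example>",
        "Microsoft Account Team <security@rnicrosoft.com>",
        "AQRM IT Support <it@aqrrn.example>",
        "Microsoft <noreply@microsof.com>",
        "A Friend <friend@gmail.com>",
    ]:
        print(f"{header:55} -> {check_sender(header)}")
```

The skeleton step is what makes the check robust: rnicrosoft.com and microsoft.corn both collapse to microsoft.com, so the comparison no longer depends on a reader noticing two narrow letters in an address field.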
Phishing email · Account suspension threat
Dear User,
Our systems have detected unusual sign-in activity on your account. To avoid suspension, you must verify your identity immediately by clicking the link below.
Failure to verify within 24 hours will result in permanent account deletion. Do not ignore this message.
Legitimate email · Planned maintenance notice
Hi [First Name],
We are making a minor update to the Microsoft 365 sign-in portal this Thursday between 22:00–23:00 EET. You may be briefly prompted to re-authenticate.
No action is required from you. If you experience any issues after Thursday, please contact us directly.
CEO fraud · Urgent transfer request
Hi, I'm in a board meeting and can't talk. I need you to process a transfer of €48,500 to a new supplier account urgently. Details below:
Bank: Eurobank Cyprus · Account: CY89002001950000357001234567
Do not mention this to anyone — it is commercially sensitive. I'll explain when I'm out of the meeting.
Before clicking any link in an email, SMS, or chat message — hover over it and inspect the full URL. Here's how to dissect what you're looking at.
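The checks you run in your head when hovering over a link can be written down. The script below is an added example, not part of this guide: it splits a URL into its parts, works out which domain was actually registered, and lists the tricks a practitioner looks for: a brand name stuffed into a subdomain or path, text before an '@' that the browser throws away, a bare IP address, a punycode label, a link shortener, or no https. The trusted and brand lists, the placeholder aqrm.example, and every sample URL are constructed for the example.

```python
"""Dissecting a link before you click it.

Added example, not from the original page. 'aqrm.example' is a placeholder
for AQRM's real domain; every sample URL below is constructed.
"""
import ipaddress
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"aqrm.example", "microsoft.com", "sharepoint.com"}
BRAND_WORDS = ("aqrm", "microsoft", "sharepoint", "onedrive")
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
# Public suffixes made of two labels; a real tool would use the full list.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.cy", "com.au"}


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host: str) -> str:
    """The part of the host that somebody actually had to register."""
    if is_ip(host):
        return host  # an IP literal has no registrable domain
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def dissect(url: str) -> dict:
    """Break a URL into host / domain / path and list anything suspicious."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registrable_domain(host)
    findings = []
    if parts.username is not None:
        findings.append(f"text before '@' is ignored: the real host is {host!r}")
    if parts.scheme != "https":
        findings.append("not https")
    if is_ip(host):
        findings.append("bare IP address instead of a domain name")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label: may render as lookalike characters")
    if domain in SHORTENERS:
        findings.append("link shortener: the destination is hidden")
    if domain not in TRUSTED_DOMAINS:
        # A brand name anywhere left of the registered domain, or in the
        # path, is decoration; only the registered domain says who owns it.
        for brand in BRAND_WORDS:
            if brand in host or brand in parts.path.lower():
                findings.append(f"{brand!r} appears in the link but the site is {domain!r}")
                break
    return {"host": host, "domain": domain, "path": parts.path, "findings": findings}


def is_suspicious(url: str) -> bool:
    return bool(dissect(url)["findings"])


if __name__ == "__main__":
    for sample in [
        "https://aqrm.example/login",
        "https://onedrive.sharepoint.com/shared/file",
        "https://microsoft.com.login-verify.example/account",
        "http://aqrm.example@192.0.2.10/verify",
        "https://bit.ly/constructed-sample",
        "https://xn--constructed-sample.example/signin",
    ]:
        report = dissect(sample)
        print(f"{sample}\n  site: {report['domain']}\n  findings: {report['findings'] or 'none'}")
```

The one rule worth remembering from the output is that the registered domain is read from the right-hand end of the host, so microsoft.com.login-verify.example belongs to login-verify.example no matter how convincing the left-hand part looks.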
These scenarios are based on real attacks against financial firms. Understand how they unfold so you can recognise them before it is too late.
Email phishing · Credential theft
You receive an email from 'AQRM IT Support' saying your OneDrive storage is full and you must log in to clear it within 12 hours or lose access to your files.
Supplier impersonation · Financial fraud
You receive an email from a known supplier saying they have updated their banking details and asking you to use a new account for the next payment — which is due soon.
SharePoint / OneDrive impersonation
You receive a Microsoft-branded notification saying a colleague has shared a document with you. The email looks exactly like a real SharePoint notification — right down to the Microsoft logo and formatting.
Smishing · Account takeover
You receive an SMS appearing to be from your bank or a payment provider, warning of a suspicious transaction and asking you to verify via a link.
Vishing · Remote access fraud
Someone calls you claiming to be from AQRM IT or Microsoft support. They say there is a critical problem with your computer and they need remote access to fix it immediately.
Internal platform impersonation
A Teams message arrives from someone with a name similar to a colleague or manager, asking you to complete a quick task — usually clicking a link or sharing a file.
Smishing
Fraudulent SMS messages impersonating banks, couriers, tax authorities, or IT. They always contain a link or a phone number to call. Shortened links hide the real destination; never click without expanding the link first.
Vishing
Callers impersonating IT, banks, or authorities. They create urgency and use technical language to seem credible. They may know your name and basic details from LinkedIn. Never grant remote access or share OTP codes.
Messaging app impersonation
Attackers clone colleague or management profiles on WhatsApp/Telegram using their photo and name, then contact you with urgent requests. Company business is never conducted via personal messaging apps.
Before acting on any email, link, call, or message — run through these checks. When in doubt, do not click. Report instead.
If you receive a suspicious email, SMS, call, or message — do not click any links, do not download attachments, do not reply, and do not provide any information. Report it to IT immediately. Even if you are unsure — report it. A false alarm costs nothing. A missed phishing attack can be catastrophic.
If you have already clicked a link or entered credentials: disconnect from the network immediately, do not turn off your computer, and call IT directly now.