Oops! You clicked on a link you should not have!

• Fortunately, this time it was a controlled cybersecurity awareness exercise. If the email you received had been a real phishing attack, clicking on the link could have resulted in malware being installed or credentials being stolen, potentially providing criminal groups with access to UNHCR systems.


• Please do not tell your colleagues about the exercise, and read through the following message to see how you can help protect yourself and UNHCR from future phishing attacks.

Signs that this was a Phishing Email:

Top tips to keep your data – and UNHCR’s – safe:

• Complete the Information Security Awareness training to recognize cyber threats and know what measures to take.
  Access the training On Workday if you are a staff member/affiliate or on Learn & Connect if you are an external partner/consultant.
• Understand more about phishing in this visual guide;
• Use Multi-Factor Authentication (MFA) on your UNHCR and personal accounts;
• Create and use strong passwords as per the password policy.
  Enable strong passwords, PINs or biometrics on your mobile devices;
• Use a Password Manager to securely manage all your accounts and passwords;
• Protect your work and personal devices. If your laptop or phone is lost or stolen, your data can end up in the wrong hands.
• Report any suspicious messages to the Global Service Desk by clicking the "Report Phishing" button in your Outlook, or by forwarding the email to GSD@unhcr.org.

Keeping UNHCR secure starts with you.