What Just Happened?
You received a simulated phishing email disguised as an HR nomination notification. When you clicked the link and entered your credentials on the fake login page, you provided sensitive information to an attacker-controlled site — in a real scenario, this would have compromised your ALTEN account and potentially exposed company data.
This exercise is part of ALTEN's ongoing Cyber Security Awareness Program. The goal is not to penalize you, but to help you recognize threats before they cause real harm.
🚩 Red Flags You May Have Missed
Artificial Urgency
The email demanded action "by 9:00 PM today" — a classic pressure tactic to bypass careful thinking.
Suspicious Link / Domain
The URL did not match official ALTEN domains. Always hover over links to verify the destination.
Credential Request
Legitimate HR systems never ask for your employee code or password via an email link.
Unsolicited Notification
Were you expecting this nomination email? Unexpected requests for sensitive action are a red flag.
✅ How to Protect Yourself Going Forward
- ✓ Verify the sender's email address carefully — look for slight misspellings or unusual domains (e.g., @a1ten.com vs @alten.com).
- ✓ Hover before you click — always preview the destination URL in the status bar before clicking any link in an email.
- ✓ Never enter credentials via an email link. Navigate directly to official portals by typing the URL in your browser.
- ✓ Question urgency. If an email pressures you to act immediately, slow down — that pressure is a manipulation tactic.
- ✓ Report suspicious emails using the "Report Phishing" button in mailbox.
- ✓ Enable Multi-Factor Authentication (MFA) on all your accounts — it adds a critical layer of protection even if credentials are stolen.