Updated: Jan 8
Updated: This blog was last updated in July 2020. In January 2021 it was completely reworked, expanded and updated to include current phishing trends arising from the COVID-19 pandemic.
Phishing is one of the most common threats to your online security, and it’s flourishing because of the COVID-19 pandemic — Canadians lost $6.8 million to COVID-19 fraud, including phishing scams, between March and November last year.
Phishing is on the rise because more people are now working remotely — and it takes advantage of our fears and our desire to help others. Here are some basics for protecting yourself.
What exactly is phishing?
The RCMP says phishing is a general term for emails, texts and links to fake websites fabricated and sent by criminals. Phishing is designed to look like messages coming from well-known and trusted businesses, financial institutions, online subscription services, and government agencies. The goal is to trick you into providing personal, financial and sensitive information including user names and passwords.
According to the Canadian Anti-Fraud Centre, “a variation is a phishing email with minimal text that encourages you to click on links or attachments. The email may seem to be a receipt from a recent purchase, a delivery notification, or something more urgent, such as a notice to appear in court. If you click on the link or attachment, your computer is infected with a virus or malware.”
How can I recognize phishing?
According to Get Cyber Safe, a national public awareness campaign created to inform Canadians about cyber security, the 7 Red Flags of Phishing are:
Urgent or threatening language. Phishing messages are designed to trigger a quick reaction from you. They will demand an urgent response.
Requests for sensitive information. Phishing messages are normally not personalized and will ask you to “update,” “confirm” or “validate” your account information. Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites.
Anything that’s too good to be true, like a message that you have won a contest or lottery you never entered, or prizes you have to pay to receive.
Unexpected emails, like receipts for items you didn’t purchase or delivery updates on things you didn’t order.
Information mismatches, like incorrect (but similar) sender email addresses, spelling or grammatical mistakes.
Suspicious attachments, such as attachments you didn’t ask for. Watch for strange file names or unusual file formats.
Unprofessional design — everything from blurry or incorrect logos to company messages with little to no formatting.
What should I do when I spot any of these 7 red flags?
Never email personal or financial information.
Don’t click on any links embedded in an email — or even on links you see on a “friend’s” Facebook feed.
Don’t reply to the message, and don’t forward it.
Don’t open any attachments.
Delete the email or text.
What should I do if I’m not sure?
Be suspicious of any email or text message containing urgent requests for personal or financial information (financial institutions and credit card companies normally will not use email to confirm an existing client's information).
Before you take any action, make sure the company or organization that is contacting you is legitimate. The Canadian Anti-Fraud Centre recommends that you:
call the company or organization directly using a telephone number from a credible source such as a phone book, an invoice or by doing your own search online.
verify any calls with your credit card company by calling the phone number on the back of your credit card.
check with other family members if you've received an email, text, call or other contact from a family member in trouble. Confirm if the situation is legitimate.
watch out for fake or deceptive ads, or spoofed emails. Always verify the company and its services are real before you contact them.
check with the Canada Revenue Agency to make sure a Canadian charity contacting you is real.
What can I do if I miss the warning signs?
If you feel you have been a victim of a phishing email, contact the Canadian Anti-Fraud Centre at 1-888-495-8501 toll-free or online.