Cyber Security

Learn to Identify Phishing

Are you Phishable?

Learn to identify phishing, and protect yourself at home and at work. 

Phishing is a technique used by cyber criminals to capture financial and/or personal information from the unsuspecting public, or from institutions like governments and banks.

A phishing message will be sent, usually by email, asking you to take immediate action – Click on an email link! Open an attached document! Recent Canada-wide phishing emails appear to be from PayPal, Amazon, Canada Post, and UPS. They will often ask you to: “Act now!” “Respond immediately!” and will convey a sense of urgency. Some offer a positive outcome, such as a prize or cash reward.

The goal is to trick you into divulging data such as your Social Insurance Number (SIN), bank account information, your identity information, credit card numbers, your account user names and passwords or other information.

In some situations the fraudulent message may trick you into clicking on a link and downloading malicious computer programs (malware) onto your computer. Malware can be used to:

  • Spy on your computer and Internet activities
  • Use your email to send spam to other people
  • Access your accounts, files, photos and video files 

How do you protect yourself against Phishing?

  • Do not reply with any personal, confidential or financial information to ‘verify’ your identity.
  • Do not click on “Unsubscribe” in a spam/ phishing email – this lets the spammers know they have hit a “live” address and you will get more emails of this type. Just delete the message.
  • Be suspicious of all email messages, even if they are from someone you know.
  • Be suspicious if the email contains spelling errors or incorrect grammar
  • ‘Hover’ your mouse over a URL to see if it is identical to what is written; if they are different, this is an indicator that the source is probably not legitimate.
  • Best practice is not to trust supplied links, especially if received in unsolicited emails; use a reputable search engine to look up the address and/or company names and go from there.
  • If you believe the email communication to be valid, contact the company directly.
  • If you are unsure what to do when a suspect email is received, best practice is to delete it.
  • Monitor your credit card and bank statements. If you believe you have been a victim of phishing contact your local police to get advice and to file a complaint.

Remember that legitimate businesses, financial institutions, and Help Desks should never ask you for personal or confidential information via email, voice or text message.