Stay vigilant: How to identify and prevent phishing attempts

In today's hyper-connected world, where nearly everything is immediately accessible at the click of a button, the threat of phishing has become a significant concern for individuals and organizations alike. 

Forty-three per cent of Canadians have been a victim of fraud, according to a poll by Ipsos. However, researchers believe the number is higher, since not everyone reports this crime. As of June 30, 2024, the Canadian Anti-Fraud Centre has reported nearly 16,000 victims. 

This cybercrime involves tricking victims into providing sensitive information such as passwords and credit card numbers. It has evolved into one of the most pervasive forms of online fraud.  

Understanding the tactics used by cybercriminals and how to protect yourself is essential in the fight against this digital deception. 

What is phishing? 

Phishing is one of the most common types of fraud affecting Canadians.  

It involves social engineering, where attackers masquerade as trusted entities or use urgency to mislead their victims. It can occur via emails, text messages or even phone calls.  

The goal is to entice victims into clicking malicious links or downloading harmful attachments, which often leads to the theft of personal information.  

Protect yourself

While phishing scams can be clever, there are simple steps individuals and organizations can take to reduce their risk:  

1. Unfamiliar greeting or tone: Be cautious of emails or calls that begin with generic greetings like "dear customer" instead of using your name. If you receive an email from a company that starts this way, verify its authenticity by calling the organization using the number listed on their official website. 

2. Unsolicited messages: Be wary of unexpected emails, texts or calls, especially those asking for personal information. If you receive an email claiming you've won a prize but never entered a contest, it's likely a scam. Always verify by contacting the company directly through their official contact details. 

3. Grammar and spelling errors: Scammers often make mistakes in their communications. If an email from a reputable company contains numerous grammar or spelling errors, it's a red flag. Cross-check by visiting the company's official website and contacting their customer service. 

4. Sense of urgency: Scammers frequently create a sense of urgency to prompt quick actions without thought. Be cautious of messages that claim you need to act immediately. For example, if you receive a call saying your account will be locked unless you provide information immediately, hang up and verify the situation by calling the company using a trusted number. 

5. Suspicious links or attachments: Avoid clicking on links or downloading attachments from unknown or suspicious sources. If you receive an email with a link, hover over it to see the URL. If it looks suspicious, don't click it. Instead, navigate directly to the company's website by typing their address into your browser or using a search engine. 

6. Requests for personal information: Legitimate companies will never ask for sensitive information like passwords or credit card numbers via email. If you receive such a request, do not provide any information. Always contact the company through official channels before sharing personal or financial details. 

7. Inconsistencies in email addresses and links: Check for discrepancies in email addresses, URLs and other details that may indicate a scam. For instance, if an email claims to be from a known company but the sender's address slightly differs from the official one, it's likely fraudulent.  

8. Be aware of spoofing: Spoofing involves scammers disguising their identity to appear as a trusted source. It can happen through emails, phone calls, or websites. Always double-check contact information and be cautious if something seems off, even if it looks legitimate.  

Make sure to report phishing attempts 

If you suspect a phishing attempt has targeted you, it's crucial to report it. Not only can this help protect you, but it also assists authorities in tracking and combating these scams.  

In Canada, you can report phishing attempts to the Canadian Anti-Fraud Centre, which collects data and provides resources to help victims. 

If you think your information has been compromised and want to know how and to what extent, input your email address into haveibeenpwned.com, a website that identifies which hacking attacks stole your data. 

What do you do if you are a victim of fraud?  

Taking swift action is essential if you believe you've fallen victim to a phishing scam. Here are the steps you should follow according to the Canadian Anti-Fraud Centre: 

1. Collect your thoughts: Take a moment to gather all relevant information about the phishing attempt. Document what happened, including the type of communication you received, any links you clicked and the information you may have shared. This information will help you when contacting authorities. 

2. Contact your financial institutions: Immediately report the incident to your bank and credit card companies. They can monitor your accounts for unauthorized transactions and help you take necessary actions, such as freezing accounts or issuing new cards. 

3. Contact the police: Report the incident to your local police department, especially if you believe your personal information has been compromised. They can provide guidance and may open an investigation if necessary. 

4. Report the incident: Notify the Canadian Anti-Fraud Centre about the phishing attempt. Reporting helps authorities track these scams and protect others from similar attacks. 

5. Protect yourself from future fraud: Take proactive steps to enhance your security. Change passwords for any compromised accounts, enable multi-factor authentication and monitor your accounts regularly for unusual activity. Educate yourself about phishing tactics to avoid falling victim again. 

Phishing poses a significant threat in our increasingly digital world, and awareness is the first line of defence. By understanding the tactics employed by cybercriminals and being proactive in safeguarding your information, you can reduce the risk of becoming a victim. 

Staying educated about the latest phishing scams and best practices is essential for your safety and fostering a safer online community. By sharing this knowledge with friends and family, you contribute to a collective effort to combat fraud and protect everyone from the dangers of phishing.