Phishing for your data.
Is it spam? Should you block that sender? These days, it seems like there’s a new phishing scam in your inbox or messaging app almost daily. Although some are easy to identify, fraudsters are getting smarter, and some messages might leave you feeling confused.
Phishing is an attempt by fraudsters to extract personal information from you by posing as a reliable source, such as a financial institution or a government agency (e.g. CRA) for their financial gain.
According to a September 2020 study by Statistics Canada, “just over 4 in 10 Canadians (42%) experienced at least one type of cyber security incident since the beginning of the pandemic, including phishing attacks, malware, fraud and hacked accounts.”
The fraudster may reach out to you by phone, text or email to bait you in, using messaging techniques to try to gain your trust.
Examples of phishing scams:
You receive a text message offering you a government rebate if you click the link contained in the message.
A payment confirmation email arrives in your inbox for a service you didn’t subscribe to. It also contains links and a request to respond with your personal information.
You’re a newcomer to Canada, and you receive an angry phone call from someone claiming to work for the government. They threaten to deport you if you don’t pay a fee.
You receive a random message from a stranger on social media asking you to invest in crypto currency.
Although phishing scams are always evolving, these are a few of the common ones:
The Government of Canada describes spear phishing as a “personalized attack that includes personal details about you, such as your interests, recent online activities, or purchases.” This is all in an effort to convince you to click a link to a fraudulent website that mimics one you know, so that you can enter personal information like your banking sign-in credentials.
A form of attack using SMS texts to collect sensitive information. These texts could include dangerous links or phone numbers that could compromise your device and personal information. If you receive a suspicious text, don’t respond. If you’re unsure, you can look up the organization or service provider referenced in the text online and obtain their contact information from their website.
If you’ve ever received an unexpected call claiming to be from “Canada Revenue Agency,” you’ve likely been vished. Vishing, which is short for “voice phishing,” involves enticing people to reveal personal information by phone. Some types of vishing include robocalling, which is a pre-recorded call featuring an automated voice requesting personal information, or caller ID spoofing which uses software to create the impression that a scammer is calling from a legitimate phone number.
What are the red flags?
A government agency would never request personal information by text, and the link is often a telltale sign that a fraudster may be interested in installing malware on your device.
What can you do to protect yourself against phishing attacks?
Don’t click on emails you sense could be suspicious and mark them as spam immediately
If you do click on a suspicious email, don’t click any of the links included
Don’t respond to suspicious text messages or click any of the links included
Block suspicious emails or phone numbers to prevent further attempts
Never share sensitive information by email, text or over your social messaging platforms
Block suspicious accounts that attempt to connect with you on social media
You can never be too careful when it comes to your personal information. Understanding how fraudsters work can help you better protect yourself against their schemes.
For more safety tips, check out this article on identity theft.