Phishing is a term for putting out bait and is a way for criminals to trick employees within a company or individuals into providing sensitive data. They are after your personally identifiable information like banking logins, credit card details and passwords. Phishing scams most commonly come in through emails but can also be sent by text (SMS) and social media messages.
The scams usually follow a typical format that tries to entice you to click through. They are sprinkled with headlines and bolded phrases offering you a ‘refund on your tax return’, or warning that ‘your account needs attention’ or announcing an ‘E-Mail money transfer alert’. The email will also usually have a ‘quick response needed’ tone, to push you to act quickly and not investigate the email too deeply.
These scams can be tricky to spot because the scammers will go to great lengths to mimic or copy the look and wording of your actual bank, federal/provincial revenue agencies, utility company or other online service.
Why is it dangerous?
Phishing is a way for scammers and internet bad guys to get a foothold in your personal life and/or company. They can use the information they have learned to steal your money, steal your identity or infect your computer systems with malware.
Here is a possible scenario showing how easily your information can be stolen:
You’ve received an email from your personal financial institution. The email states there was an error in your account and the bank needs you to log in. For your convenience, they have provided a handy button or link in the email to the login page.
All that is required of you is to click the button or link and enter your login information (for banks, it’s usually your card/account number and password). You feel this is a legitimate email, and you’re now worried that something might be wrong with your finances, which is a reasonable reaction.
You go ahead and click the link, enter your account number and password…
After entering your login information, the website seems to slow down and takes a while to load…
OR
After entering your login information, you’re given an error page stating that the bank, or service, is doing maintenance on the website and that you should try again later.
You’re a busy person, so you let it go and will try again later when you have time.
In the previous, unfortunately typical, scenario the bad guys have successfully tricked you into giving them your banking account number and password. Once they gain access to your passwords, they can steal a large amount or all of your funds, cause other financial issues or in extreme cases hold your bank account for ransom. A business that is targeted in a similar manner could also lose access to funds, business records, or personal employee information.
Most phishing schemes target your bank account first, but gaining control of your computer, via installation of malware and computer viruses, is also beneficial to cyber criminals.
Why would they want to compromise your computer? Using your computer and networks, scammers can conceal their location on the internet to launch other cyberattacks such as distributed denial-of-service (DDoS) attacks and other phishing email campaigns.
How to Protect Yourself!
Don’t take the bait! Plain and simple. Never click on email links no matter how legitimate you think they are.
If it is something personally related to you and it is asking you to log in, open a new browser window or tab and go to the site yourself to log in. This method is safer because scam sites can be cloned very easily and can have authentic-looking domain names (URLs in the address bar).
Most, if not all, companies have a policy of never asking for personal information via email, so if you get an email asking for your personal information or asking you to click a link to log in, it’s most likely a scam.
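As an added illustration (not part of the original article), the Python sketch below compares the host name a link really opens with the domain you expect, which is the check an authentic-looking address is designed to make you skip. The domain `mybank.example`, the sample links and the function names are made up for the example, and the checks are simple heuristics rather than a complete look-alike detector.

```python
from urllib.parse import urlsplit

# Digits commonly swapped in for letters in look-alike names.
SWAPS = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted_domain):
    """Return 'trusted', 'lookalike' or 'unrelated' for the site a link opens."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    trusted = trusted_domain.lower()
    brand = trusted.split(".")[0]
    # Only the real domain or one of its subdomains counts as trusted.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # "https://mybank.example@other.test/": text before "@" is not the site.
    if brand in (parts.username or "").lower():
        return "lookalike"
    # Trusted name placed at the front or middle of a different domain.
    if host.startswith(trusted + ".") or "." + trusted + "." in host:
        return "lookalike"
    for label in host.split("."):
        # Punycode label: may display with look-alike foreign characters.
        if label.startswith("xn--"):
            return "lookalike"
        # Brand inside a longer label, or within two typos of it.
        if brand in label or edit_distance(label.translate(SWAPS), brand) <= 2:
            return "lookalike"
    return "unrelated"

# Constructed sample links; "mybank.example" is a made-up trusted domain.
SAMPLES = [
    "https://www.mybank.example/login",
    "https://mybank.example.account-check.test/login",
    "https://mybank-secure.example/login",
    "https://rnybank.example/login",
    "https://mybank.example@login.test/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify_link(url, "mybank.example"), url)
```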
- Never click on links in unexpected emails.
- Log in to the site manually to investigate any issues with the account in question.
- If you are still unsure, give the bank or business that you think sent the email a personal call through contact information on their website. Never act on the email.
- Report it! Visit the Canadian Anti-Fraud Centre. (I will provide a link below)
- Set your computers and devices to receive updates automatically.
- Back up your data!
Here is some further reading about the different types of phishing scams affecting Canadians:
RCMP
http://www.rcmp-grc.gc.ca/scams-fraudes/phishing-eng.htm
Canada Revenue Agency
https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html
Canadian Anti-Fraud Centre
http://www.antifraudcentre-centreantifraude.ca/index-eng.htm