Have you received a worrisome email claiming to be from the Canadian Revenue Agency saying you’re in some sort of trouble and need to immediately provide personal information?
Or perhaps a message from an internet service provider asking you to click on a link for a deal that’s too good to be true?
These are just a few examples of phishing scams.
What is a phishing scam?
Phishing is a digital tactic that cybercriminals use to try and steal sensitive information like passwords or credit card details. The criminals often pretend to be a trustworthy source as this increases the likelihood that unsuspecting Canadians will fall for their scams.
While some phishing attempts can be extremely obvious, criminals are beginning to get more sophisticated, which makes individuals more likely to fall for the scams.
They will use tactics like email and website name spoofing; offers of refunds or money; or requests to download attachments, fill out forms, click links or scan a QR code. If you fall for a phishing scam this can leave you vulnerable to ransomware, data and privacy breaches and identity theft.
Types of phishing scams
There are five main types of phishing scams targeting Canadians on personal devices.
- Email phishing – scammers will send emails that appear to be from legitimate organizations, such as government organizations, subscription services or banks, asking you to download an attachment or click on a malicious link.
- Account verification scams – these scams typically involve fake notifications or alerts that claim there is an issue with your account, such as a security breach or account suspension. You’ll likely be instructed to click on a link or to verify your account by providing your login credentials.
- Vishing (voice phishing) – ID spoofing is a common tactic used by vishing scammers to make their phone call appear to come from a trusted source. They will attempt to coerce victims into sharing private information or completing a fraudulent transaction by posing as customer service representatives, government authorities, and internet or phone service providers.
- Smishing (SMS phishing) – smishing is when you receive phony texts that appear to come from a reliable source, such as a bank or service provider, and usually contain urgent or frightening information. The texts will typically ask for personal information or direct you to click on a dangerous link.
- Social media phishing – phishing attempts on social media platforms typically involve fake accounts or hacked accounts that will post links or send messages attempting to steal login details and other personal information of people within their targets network.
How to identify a phishing scam
Phishing tactics are designed to catch you off guard and steal your personal information. What is even more alarming is that sometimes they can contain actual information like your address or full name, making them look even more legitimate.
If you receive an email or message that you suspect is a phishing attempt, pay attention to the following:
- Obvious spelling or grammatical errors that are out of character for the sender.
- Email addresses, links and domain names that don’t match the organization that the sender says they’re from. You can double check this by hovering your cursor over the sender’s email and links to see what they actually say – remember not to click on anything.
- Requests for sensitive information that could be used to steal your identity, such as your banking information, passwords, tax information and anything else that can be used to steal your identity.
- If someone you know and trust sends an unusual message or request out of the blue (for example, your grandma suddenly emailing you asking you to buy 20 electronic gift cards for her for the holidays), get in touch with them through a different method to confirm their request in person.
Consider the following question before opening an attachment or clicking on a link: Was I anticipating this phone call, text, email, or message? If the response is ’no,’ stay away from entering any personal information or clicking on any links.
Don’t forget to discuss cybersecurity with your loved ones. All ages groups can be targeted for phishing scams, so it’s important to discuss what these messages can look like with everyone in your household.
How Acera Insurance can help
Our cyber insurance specialists are here to help provide peace of mind in the event of a cybercrime. They can answer any questions you might have about cyber insurance and work with you to develop a policy that meets your needs.
Start a conversation with one of our expert advisors today to determine the right coverage for you