What is phishing?
Phishing refers to all forms of fraudulent communication used by scammers to obtain your personal details or install malware on your computer, phone or tablet. Communications can take the form of an email, text message, phone call, social media post or message, or even a QR code.
They often resemble official messages from the government, the Canada Revenue Agency, your banking institution or your telecommunications service. Scammers will even go so far as to use the colours and logos of these institutions. And because it’s becoming increasingly difficult to recognize this type of scam, no one is safe from them.
What would it look like?
Email
Dear client,
Our system has detected suspicious activity in your account. For security reasons, your account has been blocked.
In order to reactivate your account, please enter your login credentials here. Without any action on your part, your account will be permanently deactivated.
What are the different types of phishing attacks?
There are several types of phishing scams. While fraudulent messages often look like official communications, they may also take the form of more personal messages from people close to you. Here are a few examples:
- A phone call from the Canada Revenue Agency asking for your Social Insurance Number.
- A text message from the Canadian government saying that you’re entitled to a credit to help Canadians cope with inflation and inviting you to claim it by clicking on a link.
- An email from a streaming platform, antivirus software or one of your online subscriptions telling you that your monthly payment couldn’t be processed due to a problem with your credit card.
- A message from a loved one on social media asking you to help them recover their hacked account.
- An email informing you that a package has been held up due to non-payment of customs fees and inviting you to pay the amount due.
And since fraudsters are always ready to capitalize on current events – such as pandemics, ice storms, power or telephone failures – or events related to certain periods, such as tax season, it’s not unusual for communications to be linked to relevant key moments.
How can you spot fraudulent communications?
One of the most common phishing strategies is to create a sense of urgency in the target. There are many ways of doing this.
For example, you could be threatened with the blocking or closure of an account, the return of a package to its sender or even criminal prosecution. The stress generated by this kind of situation increases your chances of clicking on the indicated link or giving out personal details without thinking it through.
It’s common for scammers to offer you a sum of money or a gift, such as a tax refund or another unexpected reimbursement. They may also ask you to quickly resolve a problem or update your banking and credit card details.
Good to know: National Bank will never ask you to provide your password, unique validation code or SecurID token code, whether by text message, email or phone. When in doubt, don’t hesitate to contact one of our advisors. They’re available every day from 6 a.m. to midnight (ET) at 514 394-5555 or 1 888 835-6281.
How should you respond to fraudulent communications?
Did you receive an unsolicited message urging you to act immediately, signalling an alarming situation or offering you something that’s too good to be true? Don’t take anything for granted, and above all, stop and think whenever you receive a suspicious email or any communication that looks like a potential phishing attempt. Moving too quickly could push you to make mistakes and provide valuable information.
Here are a few more practical tips:
- Confirm the source of the message: Make sure the sender’s email address or phone number is actually that of the company or person concerned. For companies, check that what comes after the at sign (@) is the company’s actual domain name.
- Contact the sender: If it’s a company, be sure to use the email address or phone number listed on the official website, not the one mentioned in the communication.
- Make sure hyperlinks are secure: Can’t tell where a hyperlink will lead you? If you’re using a computer, place your cursor over a hyperlink without clicking on it. You’ll see the site appear in full, and you can either confirm or question its legitimacy. On a smartphone, you can press on a hyperlink for a few seconds to see the same thing.
- Never pass on your personal details: Unless you initiated the communication or contact, don’t share any personal details with anyone.
- Assess the relevance and authenticity of the communication: Ask yourself questions. Are you participating in a competition? Are you expecting a package? When in doubt, apply the advice mentioned above.
- Don’t rely on visual identities: Company and organization logos are easy to imitate, making phishing emails or fraudulent sites look legitimate. Furthermore, seeing the name of your financial institution on your phone’s call display is no guarantee that it’s not a phishing attempt.
- Delete the message: Don’t hesitate to delete an email, text or voicemail message that seems fraudulent. Usually, a legitimate organization will contact you several times if it expects you to take action.
- Report the attempted fraud: Alert the company concerned or the person being targeted for identity theft. Report the fraud to the Canadian Anti-Fraud Centre.
To learn more
Here are two complementary articles for further reading. You’ll find plenty of tips to help you recognize the different types of phishing attacks.
→ How to avoid social media fraud
→ Is your inbox well protected?
What should you do if you get phished?
Even if you take every precaution, you could still fall victim to a phishing scam. If you do, don’t blame yourself – it can happen to anyone. The important thing is to act as soon as possible to protect your accounts and identity.
Keep a close eye on your bank accounts and credit card transactions, email inboxes and messaging services. You should also change all your passwords or even disconnect your computer from the internet or network in case it’s been infected by ransomware. An IT specialist can help you restore all the data on your computer.
Also, you should make it a priority to notify both credit bureaus (Equifax and TransUnion) that you’ve been a victim of a phishing scam so that an alert can be placed in your file.
Worried that your identity has been stolen?
→ Follow our six key steps.
Fraudsters are very imaginative, and no one is completely safe from their scams. If you fall into their trap, it’s important to report it and let those around you know.
Want to find out more? Our fraud prevention page is full of other useful tips and tools.