Phishing Scams: The Best Ways to Protect Yourself
Thursday, 20 October 2022
In today’s digital age, we use email, text, and messaging tools to perform work and day-to-day tasks. After a long workday, we continue to interact digitally on various social media channels, making the majority of our day an online experience! Are we haphazardly assuming that these digital communication methods are safe?
While we choose these tools to improve the efficiency of work and life, unfortunately, these same forms of communication can be used to our detriment by scammers. Security experts call it “Phishing.”
What is Phishing?
Phishing refers to criminals attempting to trick you into revealing personal information online or over the phone. The end goal can be to steal passwords, financial information, direct funds, or full-on identity theft.
Ways to Identify Phishing Scams
Luckily there are a few dead giveaways for most phishing scams. If an email seems even a bit suspicious, stop and look for the telltale signs:
- The email is sent from a public email domain. It is extremely rare for any legitimate organization to send from an address that ends '@gmail.com’ or ‘@live.ca.’
- The domain name is misspelled, or the logo is blurry.
- The message is in broken or poorly written English.
- The email contains links that take you away from the message.
- The message creates a sense of urgency.
Popular Phishing Scams
Unfortunately, there are far too many examples of online phishing scams to list in this blog. Criminals are getting more intelligent and creative in how they trick innocent people. Besides online email scams, scammers are still using phone calls as a method for you to divulge personal information over the phone.
We will discuss some examples of typical phishing scams popular among scammers. However, if you are unsure about an email or phone call, we recommend visiting the Canadian Anti-Fraud Centre website for a comprehensive list of all known scams.
The Fake Invoice Scam
One of the most common phishing scams is the “Fake Invoice” email. Like other phishing attacks, this scam uses urgency to pressure the receiver to pay for goods or services they never received.
The “Upgrade Your Account” Scam
Phishing attackers often impersonate popular companies like PayPal, Netflix, tech companies, and banks. They assume that you are a user of said company and offer an opportunity to upgrade your account. Once you click the link and enter your personal and credit information, they’ve successfully stolen from you.
Pro Tip: Hover over the link when asked to give personal details – as the text itself often doesn’t represent the link’s true destination.
Good Samaritan Advance Scam
You may have already been on the receiving end of a foreign national begging for help recovering a substantial amount of money or some other elaborate story.
In the message, the scammer will offer you a reward for helping them out. Not only will you never see a dime from this tough-on-his-luck prince, but you will also never see your money again. Rest assured, this person’s only enemy is themself.
Google Docs Scam
One of the most recent, high-profile phishing techniques, the Google Docs scam, offers an extra sinister twist as the sender can often appear to be someone you know.
A newer, more sophisticated scam uses a well-executed email that encourages users to click on its link in order to view a ‘document.’ This link will take you to a nearly identical Gmail login page. Once an account has been selected, you’re then requested to grant access to your Google account, which gives the hacker access to all your passwords and important documents.
Message From CEO or HR Phishing Scam
At work, most phishing attacks come in the form of emails attempting to impersonate an internal communication. Criminals use this tactic to develop trust and create a sense of urgency. An unsolicited email that claims to be from your IT department, HR, or CEO can seem important – especially when you are asked to click on something right away.
Financial Institution Phone Call
Not all scammers rely on email. Text and phone call scams are increasingly popular. Often the scammer will identify themselves as someone from the CRA or your bank, stating that you owe money. They may leave a voicemail saying you need to call back immediately before your accounts are closed or are placed on a wanted list with the police. Remember that any call with an extreme sense of urgency should make you step back and assess.
Often calls are easier to identify as suspicious based on the call quality or number. If you receive a call, it’s easy to cross-check by hanging up and contacting the bank or CRA directly from the valid number on their website. If your account is indeed flagged, they will be able to tell you.
What to Do When You Suspect a Phishing Scam
When you suspect that an email or call may be a scam, you’ll want to take the appropriate action.
- Stop! Do not click, call back, or provide any personal information.
- Hover over links with your cursor (don’t click!) to reveal the actual URL. For mobile devices, a “long press” will display the URL.
- Locate the “root domain” (e.g., www.thebig.ca is ours) in the URL path, and check if the root domain is the same as the authentic organization from which the scammer claims to be.
- Analyze the communication by determining the origin of the email and the destination any links claim to take you.
- Test the validity of the request by looking up the sender or calling the actual institution before clicking any attachments.
- Verify the source by going to the actual organization’s website to see what emails and URL paths they use.
- Online scam prevention resources are constantly updating information about the latest scams. Use these to cross-check for any similarities in your potential phishing email.
What To Do If You are a Victim of a Phishing Scam or Identity Theft
If you fall victim to an attack or suspect your identity has been stolen, you must act immediately to protect yourself. Depending on the type of information that is potentially compromised, you should consider the following actions.
- Keep a record of all your recent transactions.
- Alert your financial institution and place holds on your credit cards.
- Contact your local police department to report the incident.
- Notify your financial institution(s), so they can place fraud alerts on your credit files.
- Reach out to Equifax or TransUnion to protect your credit score.
- Contact Service Canada if your SIN number has been compromised.
- Notify the Canadian Anti-Fraud Centre to receive the next steps.
Do I Need Identity Theft Insurance?
Fortunately, there is some protection you can receive through identity theft insurance. This additional coverage on your property insurance policy provides an extra layer of protection against phishing scams and identity theft.
In the case of identity theft, insurance may cover many out-of-pocket expenses. This could include legal fees, lost wages, and other expenses (mailing costs, phone bills, notary fees, etc.) associated with resolving identity theft.
Check with a BIG broker to see if you are covered or add it to your policy for a minimal cost.
Protect Yourself Against Phishing and Identity Theft
Today, phishing attempts can occur on any electronic messaging application, whether it is email, SMS text, or social media messaging.
Phishing can be sophisticated enough to evade IT security and land in your inbox, leaving you as the last layer of defense in protecting yourself at home or work. Attachments are now just as dangerous as links because malware only requires a single click to run on your computer. The latest phishing attacks require the victim to merely click once to download malware on their machines. Ultimately, the best way to protect yourself from phishing is not to click anything in an unexpected message.
If your identity was stolen as part of a scam, contact the RCMP Phonebusters by email at firstname.lastname@example.org or call 1-888-495-8501.
Prevention against phishing and identity scams starts with education! Share this post with your network of friends and family members to help them avoid falling victim to online phishing. If you want to add identity theft coverage to your property insurance or are just looking to save money on your insurance, we’d love to help! Start your quote here.