Like a fisherman sets out to catch some unsuspecting fish with juicy or flashy bait, criminals use tempting or urgent sounding emails, texts and social media messages to lure you in.
Phishing is a fake email, text or social media message with the intent of having you click on a link or open an attachment. By doing so, the criminals are hoping to get you to change your password so they can access your information, get into your computer to find your financial information, or infect your phone, tablet or smartphone with malicious software allowing them to see everything you do.
Ultimately, they're looking to get your money and are unrelenting.
The Canadian Anti-Fraud Centre warns that phishing is the top scam for 2017, with text message phishing already resulting in 902 complaints, 165 victims, $66,848 is losses and for email phishing, 1,998 complaints, 901 victims and $67,212 in losses ($855,021 in 2016).
It's estimated that only 5% of Canadians report when they've been a victim, so the numbers are actually much higher.
Here are some examples of email phishing:
- A message asking you to click a link to view a statement (often a bank statement, for example)
- There's a problem with your order or invoice and you need to click the link or open the attachment
- A funny joke from what seems like a friend or coworker that conceals a malicious link or attachment
- Your refund awaits or there's money waiting for you from a lottery or other source. The fraudster is asking you to visit a fraudulent website, click on an attachment or wire money to receive a cash prize (that never arrives)
- Your bank account has been frozen and you need to click the link immediately to rectify the situation
- A text message with a link telling you your account has been compromised
This is only a very small sampling of some of the ways scammers are trying to trick you with phishing.
What should you do/not do?
- Never click on a link from an email or open an attachment that you're unfamiliar with
- Even if the email comes (seemingly) from someone you know, be very cautious opening attachments and clicking on links. When in doubt, contact the person directly to ask if they legitimately sent it
- If you feel you might have an issue with your bank account, a merchant account, the Canada Revenue Agency or more, contact those institutions and companies directly, either through their website or call them. Don't click the link provided
- If you've clicked a link or attachment that you're worried has infected your computer, do an anti-virus scan and/or get the help of a computer technician
- If you accidentally gave away financial information or were on a website where you revealed a password or financial information, contact your bank or credit card company and the Canadian-Anti Fraud Centre. Also, check your credit report, and if you think you've been compromised, have them flag your account for fraudulent activity: equifax.ca and transunion.ca