What is Phishing?
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
Always, Always Think Twice Before Clicking
- At the heart of phishing is a scam; the people who are sending a phishing email are clever email marketers who know how to get a user to engage
- Often, they do this by preying on your emotions
- Experts recommend listening to your gut. When something feels off, it probably is.
- The whole point of phishing (and its more tailored and targeted counterpart, spear-phishing) is to get you to do something without raising alarm bells
- You need to practice skepticism even when things seem fine
- You should be generally reluctant to download attachments and click links, no matter how innocuous they seem or who appears to have sent them
- We are conditioned to try to help people and be nice when something is being asked of us, when there’s some sort of call to action
- Think about the context of what the sender is asking you to do. If there’s a sense of urgency, be a smart skeptic and slow down
Consider the Source
- Phishers will always try to make their messages look and sound like they come from a legitimate entity, whether they’re emulating the look of a familiar Amazon account recovery email or pretending to be a new national Covid-19 testing service
- Phishing emails and text messages may look like they’re from a company you know or trust
- They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store
- Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment
- Knowing where a message came from is particularly important, and difficult, when attackers send spear-phishing emails that really look like they’re from your friend or your bank
- Things get even more complicated in cases when a legitimate-looking email address is being spoofed or the messages actually are from the entity they claim, because attackers have taken over a real email account or phone number
- Attackers might actually start originating their phishing emails from people you know
So, what can you do about this?
- First, scrutinize the address an email says it came from and the text of any URLs it contains to weed out email@example.com from firstname.lastname@example.org
- Again, if something feels weird about a message that someone you know sends—especially if it has a request in it—there’s a real possibility that they’re being impersonated or have been hacked
- Reach out to them on a different platform—or pick up the phone and call—and ask if they sent you a message
- Use a Password Manager – As annoying as it might be, these protections really do help, especially against phishing
- Be aware. Protect Yourself. Stay vigilant.
Still interested in this topic? Get Cyber Safe is a national public awareness campaign created to inform Canadians about cyber security and the simple steps they can take to protect themselves online. The campaign information and resources can be found at this link: https://www.pensezcybersecurite.gc.ca/en/home