What is Phishing and How Do You Protect Yourself From Getting Hooked?

In our increasingly connected world, there are many fraudsters out there who would like you to part with your money and private information. One particularly worrisome scam to many Canadians is called phishing. In fact, according to one study, more Canadians are worried about cons like phishing than vehicle thefts, break-ins and plane crashes. And one quarter say they have clicked on a link that led to a phishing scam.

What is phishing?

Phishing is a scam in which malicious individuals or groups try to get your personal or financial information, such as passwords or credit card numbers, or to install malware (malicious software) on your computer by posing as a trustworthy source, usually through email or instant messages. And, unfortunately, it’s very common. A worldwide study of scams found Canada ranked 7th for phishing attacks and saw an average of one phishing email in every 4,308 emails. Considering the total number of business and consumer emails sent and received per day will exceed 293 billion in 2019, it’s easy to see why phishing is a big problem.

How does it work?

Phishing can take many forms but often will consist of emails pretending to be from a legitimate business, bank or government agency. You might be asked to confirm personal data by clicking on a link to a phoney website, which often looks like the real thing, or providing personal account information. There are quite a few examples of emails supposedly from the Canada Revenue Agency, which notify the recipient about a supposed tax refund. The emails link to a fraudulent website and request the user to fill out information on a form to access the refund.

How can you spot it?

Phishing emails are designed to look like the real thing, but there are telltale signs to watch out for.

  • The information being asked for is unsolicited and too personal. A bank would never ask you to disclose your credit card number and the Canada Revenue Agency does not send emails to Canadians.

  • The tone is urgent. An email that demands that you act right away or there will be penalties or your account will be closed is likely a scam.

  • There are mistakes such as grammar mistakes or spelling errors. One common error is a $ sign after an amount instead of before.

  • It has a generic address in the message such as Dear Customer.

  • The links are fake and don’t match the actual organization it claims to be from.


What can you do to protect yourself?

The most important thing you can do is to be alert and take these steps to prevent being phished.

  • Don’t click on links or open attachments from someone you don’t recognize as they can contain viruses.

  • Look for spelling errors or odd typos in the email.

  • Never share personal information such as a credit card number.

  • Protect your computer with anti-spam, anti-virus and firewall software.

  • Check any embedded link by hovering your mouse over to check the address instead of opening it.

  • Regularly monitor your bank and credit card information for any suspicious activity.


What if you’ve been phished?

  • If you have filled out personal or financial information, change your passwords and contact your bank or credit card company right away.

  • Report the scam to authorities, such as the police, Better Business Bureau or the Canadian Anti-Fraud Centre.


If you learn to recognize the signs of phishing scams, you can protect yourself from taking the bait if they land in your inbox.

By Michelle Janzso

March 15, 2019

Staples Canada