UNDERSTANDING PHISHING AND SMISHING

Wednesday, November 1, 2023

Think twice before you click, submit, pay, download, or reply!

Phishing describes fraudsters attempting to trick users into doing ‘the wrong thing’ – such as clicking a bad link that will download malware or direct them to a dodgy website. Phishing can be conducted via text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it’s from a company you know or trust, like a bank, a credit card or utility company, or even an online payment website or app.

Smishing is a type of phishing scam where cyber criminals try to trick you by sending fraudulent SMS or text messages. They often pretend to be a real business (such as a bank or delivery company), a government department, or a person you know. During the COVID-19 pandemic, scammers have even pretended to be from assistance programs, like the Canada Emergency Response Benefit (CERB) and the Canada Recovery Benefit (CRB), to target vulnerable Canadians. Smishing messages will often try to get you to click on a link, which may contain malware or lead to a spoofed website. If you click on the link, cybercriminals can then steal your data, your money, or even your identity.

The message could be from a scammer who might:

  • Say they’ve noticed some suspicious activity or log-in attempts — they haven’t.
  • Claim there’s a problem with your account or your payment information — there isn’t.
  • Say you need to confirm some personal or financial information — you don’t.
  • Include an invoice you don’t recognize — it’s fake. Want you to click on a link to make a payment — but the link has malware.
  • Say you’re eligible to register for a government refund — it’s a scam.
  • Offer a coupon for free stuff — it’s not real.

Most phishing/smishing attacks create a sense of urgency in the message and encourage you to respond right away. They may send threats, like claiming they’ll close your account, or offer a time-sensitive reward, such as a prize for a contest you didn’t enter. But no text is ever that urgent — take your time when evaluating a potential smishing message.

Many phishing/smishing messages appear to be from a trustworthy and reliable source, like your bank or another business you know. Always be cautious, even if you think you recognize the business that the message is from.

To protect yourself from Phishing and Smishing use the SHADY? approach:

SECRET: Always keep your personal information secret, especially over email. Check with the sender by contacting them through another medium, like telephone, to confirm that they did in fact send you that email/text.

HOVER OVER A LINK BEFORE CLICKING IT: Hovering over a link lets you see where it points. Never click a link to any financial website, type in the address each time.

ATTACHMENTS SHOULD NOT BE CLICKED: Do not click on attachments if you are not expecting them. Even documents may contain a virus that can do damage to your device, track keystrokes, and compromise your information.

DIFFICULT PASSWORDS: Complex passwords help prevent people from hacking your accounts. Passwords should be strong, difficult to guess, and different for each system.

YOU SHOULD ASK YOURSELF WHENEVER YOU GET AN EMAIL/MESSAGE: Was I expecting this? If not proceed with caution or delete immediately.

? QUESTION: Always question electronic messages, especially if it is making promises or threatening action.

Check out this video for more information on How The “SHADY?” Technique Can Help Prevent Phishing and Smishing

If you know, or think you have been a victim of internet scams, phishing or cyber-attacks or your banking information has been compromised, contact your financial institution immediately and report it to local authorities.

You can also contact the Canadian Anti-Fraud Call Center at 1-888-495-8501.