Phishing Scams In Your Emails
April 22, 2019
What are phishing scams?
Anytime you register for an account, make an online purchase or book a dinner table through an online reservation, you are entering your email into a database somewhere. This makes it easier than ever for scammers to collect your information and target you. We are here to help you become aware of what types of phishing scams exist, how to detect them and what actions to take. You’ve most likely already received one and just haven’t realized it.
Examples of Phishing Email Types:
Your work email is where you would most likely be communicating with actual people. So sometimes the phishers use that to disguise their scam, where the Sender field would be a name of a person in the company, a coworker or even a manager or CEO, and the message would be a request of some kind.
- An email from your CEO requesting that you send them all the money wiring information of the past month.
- A message from a coworker requesting your personal contact info in order to speak to you about a project.
Your personal email address is probably more open-ended so it’s hard for the scammers to create a scenario that would seem natural coming from a random contact of yours, so they use corporations, and fabricate a situation that seems more legitimate such as:
- An email from your bank saying you have an offer and you would need to enter your account information.
- A webstore you recently made a purchase from, saying there was an issue with the payment method provided and asking you to send your credit card information.
- A platform you have an account with emails you to tell you your password is expiring and you must reset it ASAP or you will lose access to the account.
So you’ve seen some examples and you’re probably thinking, but what if my coworker actually needs to meet with me? Or what if I actually do need to reset my password? Don’t worry, there are plenty of ways to double check if the email is coming from who it really says it’s from.
Poor layout and grammar.
Keep an eye out for poor grammar or spelling. If the email is meant to come from a reputable company (think banks, tech companies, universities), errors like these are a sign that something isn’t right. Also, look for inconsistent formatting and a mix of different fonts and sizes. Emails that really come from an official company have a specific overall style and are neat and free of errors.
Sometimes errors in spelling or grammar can be too minuscule to notice, so a good giveaway is the URL. Look at both the sender’s email address and the link provided. Check for any weird numbers or symbols that don’t belong. For example, “.co” or “.bz” instead of “.com” or “.ca” are usually a sign that it’s not the real company. ‘firstname.lastname@example.org’ would be a fake email address. Remember that organizations, especially tech giants like Microsoft, often have clean and concise contact accounts.
Request for personal information, or a wire transfer.
What scammers are primarily after is money. They will attempt to ask for it directly by pretending they need a specific amount wired to a certain account. Or they will go the less direct way and just phish for your personal and banking information, which they can use to access your bank account and withdraw from there.
Phishers will emphasize their request with a sense of urgency, often providing a deadline with dire consequences. Examples are the promise of a reward or a prize if their request is met in time, or a threat of a criminal charge if you don’t meet the deadline. For example: YOU MUST TAKE ACTION IMMEDIATELY OR YOU WILL BE LOCKED OUT OF YOUR ACCOUNT.
Doesn’t specify you by name.
Phishing emails often greet you with “Dear Customer” or something similar, although some of the more sophisticated forms, like spear phishing, can obtain your basic information to customize the message and make it seem like they are contacting you personally.
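The warning signs described above can also be checked automatically. The following is an added example, not part of the original article: a small Python checker that looks for a sender or link domain that differs from the organization's real one, a generic greeting, urgent wording and a request for sensitive information. The sample message, the bank name, the domains and the flag names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; the bank name and domains are hypothetical.
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.co>
Subject: Action required

Dear Customer,
YOU MUST TAKE ACTION IMMEDIATELY OR YOU WILL BE LOCKED OUT OF YOUR ACCOUNT.
Confirm your credit card number at http://examplebank.bz/verify
"""

URGENCY = re.compile(r"\b(immediately|asap|locked out|deadline)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|client|member)\b", re.I | re.M)
SENSITIVE = re.compile(r"\b(credit card|password|account (number|information)|wire)\b", re.I)
URL = re.compile(r"https?://[^\s<>]+", re.I)


def host_matches(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def phishing_indicators(raw, expected_domain):
    """Return the article's red flags found in a raw email, in a fixed order."""
    msg = message_from_string(raw)
    # Plain-text parts only; HTML bodies would need their href values extracted too.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_matches(sender.rpartition("@")[2], expected_domain):
        flags.append("sender-domain-mismatch")
    hosts = [urlparse(u).hostname or "" for u in URL.findall(body)]
    if any(not host_matches(h, expected_domain) for h in hosts):
        flags.append("link-domain-mismatch")
    if GENERIC.search(body):
        flags.append("generic-greeting")
    if URGENCY.search(body):
        flags.append("urgency")
    if SENSITIVE.search(body):
        flags.append("asks-for-sensitive-info")
    return flags
```

Calling phishing_indicators(SAMPLE, "examplebank.com") reports all five flags. A clean result does not prove a message is genuine, since spear phishing can avoid every one of these signs.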
Learn the appropriate protocol once encountered
Don’t click on links, don’t reply, don’t download attachments, don’t provide personal information… but mistakes happen! These emails are sometimes so well-disguised that you could have done any of the above actions, before realizing it was fake. Once you do, take the appropriate counteractions!
Assuming that you have downloaded an attachment or clicked a link, immediately run any anti-malware software. This will scan for any viruses that could have penetrated the system.
Contact your bank.
If your credit card information was provided, immediately contact your bank and let them know. They will let you know of any unusual activity, or will simply disconnect the account and get you a new card. You should also contact a credit bureau and inform them that your account might have been compromised.
Change the passwords to all your accounts, and make sure they are strong. Also, make sure to log out of any devices you’ve used that are not your own.
Although you may learn from your mistakes, others could be vulnerable to making the same mistake! There are plenty of online resources and forums where you can submit your incident and read up on similar incidents. You should also report it to the Canadian Anti-Fraud Centre by phone or online.