How not to get scammed: 5 essential tips for detecting email attacks


Have you been receiving a lot of spam lately? You’re not alone.

Statistics Canada reports that over four in 10 Canadians (42%) have experienced at least one type of cyber security incident since the beginning of the pandemic. These included phishing attacks, malware, fraud and hacked accounts. Of the 42%, around 13% reported financial loss. With more people on their computers right now, scammers have intensified their attacks on unsuspecting individuals.

Some scammers attack companies and organizations as well. A common scheme uses hacked accounts bearing the names of officials or higher-ups in the organization. The email will ask for confidential information. It can also direct an employee to wire money to a foreign account. This is why security training in the workplace is crucial. A single breach is enough to compromise an entire company or organization.

What is spam? Is it the same as malicious email?

Spam is junk email. These are unsolicited emails that land in your inbox. A lot of them offer products and services and could come from legitimate companies. These are called commercial spam. If your system has a good filter, you won’t even see these messages.

Spam evolved into malicious email when it began to be sent for “phishing”, that is, collecting personal or financial information. The message could be anything from fake special offers to reminders to update your account. Aside from capturing your personal data, these emails can also infect your computer with malware or viruses. Malware or viruses can slow down, freeze, or crash your system. Some types of malware can monitor your Internet activity and record confidential information.

Five things to do to prevent yourself from being phished or scammed:

  1. Check the sender’s address

    Don’t open emails right away, especially if you don’t know the sender. If it’s from a service provider or company, check the email address. Legitimate companies often use their own domain name (the name after the @), not a public email domain like Gmail or Yahoo. In the sample phishing email below, you’ll see that it is from Hotmail (not @paypal). A more sophisticated scammer will use the name of the company after the @ sign, but it will not be an exact match with the company’s domain name or email address.

    It’s a good practice to flag unsolicited emails as spam or junk mail to prevent succeeding emails from the same address from landing in your inbox.

  2. Recognize if it’s spam/email scam or not

    Here are common signs of a phishing email:

    • It does not address you by name. (It will use “Dear customer” or “Hi Dear”; see the example below.)
    • The message has grammatical errors.
    • It carries a message such as one of the following:
      • There’s suspicious activity or log-in attempts in your account.
      • There’s a problem with your account or payment information.
      • You need to confirm some personal information.
      • They’re sending you an invoice or receipt.
      • You need to click on a link to make payments or see the status of your account.
      • You are eligible to register for benefits or government refunds.
      • They are offering a coupon for free items.

    Most messages will instruct you to click on a link which takes you to a page where you have to provide information. It can also tell you to open an attachment to review information. Look at a sample phishing email below:

    Example of a phishing or fake email from PayPal (image by Crysman from Wikimedia Commons, CC0)

  3. Don’t click links or respond

    Make it a policy not to click on links, open attachments from unfamiliar senders, or reveal sensitive information via email. Sensitive information includes passwords, full names, addresses, birth dates and SIN numbers, credit card numbers, passport or immigration information, and other details that someone else might use to steal your money or identity.

    Legitimate agencies that are asking for information will tell you to go to their website, but not through a link. Safe websites will also be encrypted, meaning information you enter there cannot be read by others while it is being sent. Encrypted websites will have a small padlock icon next to their address (URL). They will also use “https” in the URL instead of “http”. The padlock only shows that the connection is encrypted; it does not by itself prove that the site belongs to the company it claims to be.

  4. Verify

    Scammers are getting sophisticated these days. Some invest in getting domain addresses that look similar to the addresses of actual businesses or government agencies. Others design logos and letterheads that look authentic. They may even hack your company’s system and use familiar names in your organization.

    Taking the time to verify before making a move is often the step that saves people from getting scammed. You can make it part of your personal or office protocol to check or ask before complying with requests for funds or confidential information. Call the company to confirm the request (don’t use the contact information in the email; search for the phone number on the Internet), ask another person to look the email over, or ask your supervisor. This extra step can save you and your organization a lot of pain and money later on.

  5. Invest in an effective anti-virus

    Install a good spam blocker and anti-virus software. Keep all your devices updated. Consider setting them to update automatically so that you’ll always be protected from new security threats.
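The sender check from tip 1 and the greeting check from tip 2 can be automated for a help desk or a mail filter. The sketch below is an added example, not part of the original article; the company domain `northbank.example`, the sample addresses, the list of public mail domains and the 0.8 similarity threshold are all constructed assumptions.

```python
import difflib
from email.utils import parseaddr

# Constructed, non-exhaustive list of public webmail domains.
PUBLIC_MAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Generic greetings quoted in tip 2.
GENERIC_GREETINGS = ("dear customer", "hi dear")

def sender_domain(from_header):
    """Return the lower-cased domain after the @, or "" if there is none."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return domain.lower() if at and local else ""

def classify_sender(from_header, expected_domain):
    """Compare the sender's domain with the domain the company really uses."""
    domain, expected = sender_domain(from_header), expected_domain.lower()
    if not domain:
        return "unparseable"
    if domain == expected or domain.endswith("." + expected):
        return "match"              # exact domain or one of its subdomains
    if domain in PUBLIC_MAIL:
        return "public-mail"        # company name on a free mailbox
    brand = expected.split(".")[0]  # assumes the first label is the brand
    similarity = difflib.SequenceMatcher(None, domain, expected).ratio()
    if brand in domain or similarity >= 0.8:
        return "lookalike"          # close to the real domain, but not it
    return "unrelated"

def has_generic_greeting(body):
    """True when the first line opens with a greeting that names nobody."""
    lines = body.strip().splitlines()
    return bool(lines) and lines[0].lower().startswith(GENERIC_GREETINGS)

def review(from_header, body, expected_domain):
    """Collect the warning signs from tips 1 and 2 for one message."""
    findings = []
    verdict = classify_sender(from_header, expected_domain)
    if verdict != "match":
        findings.append("sender domain: " + verdict)
    if has_generic_greeting(body):
        findings.append("generic greeting")
    return findings

if __name__ == "__main__":
    # Constructed sample message modelled on the signs listed above.
    print(review('"Northbank Support" <northbank.billing@hotmail.com>',
                 "Dear customer,\nThere is a problem with your account.",
                 "northbank.example"))
```

A "match" only means the visible address looks right: the From line can be forged and real accounts can be hacked, so the verification step in the Verify tip still applies.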

What to do if you’ve been phished

Don’t panic if you’ve responded to a phishing email or have clicked a link. You should:

  1. Gather documents or proof of the fraud (email, text, receipts, etc.).
  2. Report the fraud to your bank and/or other institutions linked to the affected account.
  3. Change your account passwords (consider using multi-factor authentication to protect your accounts).
  4. Report it to the police and get a file number. If you find suspicious activity on your credit report, update your file with the police.
  5. Monitor your bank account activity. Always check your online account or your bank statements for unusual transactions.
  6. Report the incident to the Canadian Anti-Fraud Centre by calling 1-888-495-8501 or through the Fraud Reporting System.
  7. Companies and organizations, especially financial institutions, have hotlines where you can report fraud. Reporting can prevent others from becoming the next victim.

 
Article updated November 4, 2022.
 
Sources: Canadian Anti-Fraud Centre; How to recognize and avoid phishing scams, Federal Trade Commission; and Spam and phishing, National Cybersecurity Alliance. Accessed December 3, 2020.


Text of this page is licensed under CC BY-NC-SA, unless otherwise marked. Please attribute to English Online Inc. and link back to this page where possible. For images and videos, check the source for licensing information.