How not to get scammed: 5 essential tips for detecting email attacks

Skip to:

Have you been receiving a lot of spam lately? You’re not alone.

Statistics Canada reports that over four in 10 Canadians (42%) have experienced at least one type of cyber security incident since the beginning of the pandemic. These included phishing attacks, malware, fraud and hacked accounts. Of the 42%, around 13% reported financial loss. With more people on their computers right now, scammers have intensified their campaigns on unsuspecting individuals.

Some insidious attacks target companies and organizations as well. A common scheme is using hacked accounts bearing names of officials or higher ups in the organization. The email asks for confidential information or directs an employee to wire money to a foreign account. This highlights the importance of security training in the workplace considering that a single breach is enough to compromise an entire company or organization.

What are spam? Are they the same as malicious emails?

Spam is junk email. These are unsolicited, irrelevant emails that could land in your inbox. A lot of them offer products and services and could come from legitimate companies. These are called commercial spam. If your system has a good filter, you won’t even get to see these messages.

Spam evolved into malicious emails when these began to be sent for “phishing” or collecting personal or financial information by unscrupulous individuals. The message could be anything from fake special offers to reminders to update your account. Aside from capturing your personal data, these are dangerous because they also infect your computer with malware or viruses. These can slow down, freeze, or crash your system or monitor your Internet activity and record confidential information.

Five things to do to prevent yourself from being phished or scammed:

  1. Check the sender’s address not only the name

    First off, don’t open emails right away, especially if you don’t know the sender. If it’s from a service provider or company, look at the address – legitimate companies often use their own domain name (the name after the @) not a public email domain like gmail or yahoo. In the sample phishing email below, you’ll see that it is from hotmail (not @paypal). The more sophisticated scammer will use the name of the company after the @ sign but it will not be an exact match with company’s domain name or email address.

    It’s a good practice to flag unsolicited emails as spam or junk mail to prevent succeeding emails from the same address from landing on your inbox.

  2. Recognize if it’s spam/email scam or not

    Here are common signs of a phishing email:

    • It does not address you by name (they will use “Dear customer” or “Hi Dear”- see example below)
    • The message has grammatical errors
    • They can have the following messages:
      • There’s suspicious activity or log-in attempts in your account
      • There’s a problem with your account or payment information
      • You need to confirm some personal information
      • They’re sending you an invoice or receipt
      • Click on the link to make payments or see the status of your account
      • You are eligible to register for benefits or government refunds
      • They are offering a coupon for free items

    The message will instruct you to click a link to provide information or to apply. It can also tell you to open an attachment to review information. Look at a sample phishing email below:

    Example of a phishing or fake email from PayPal

    Image by Crysman from Wikimedia Commons, CC0
  4. Don’t click links or respond

    Make it a policy not to click on links, open attachments from unfamiliar senders, or reveal sensitive information via email. Sensitive information would include data like passwords, full names, addresses, birth dates and SIN numbers, credit card numbers, passport or immigration information, and others that another entity may use to steal your money or identity.

    Legitimate agencies that are asking for information will tell you to go to their website but not through a link. Safe websites will be encrypted, meaning information you write on there will not be seen publicly. Encrypted websites will have a small padlock icon next to its address (URL). It will also use https in its URL instead of http.

  5. Don’t comply if unsure

    Scammers are getting sophisticated and messages can look very deceiving. Some invest in buying a similar-looking domain address, or design authentic-looking logos and letterheads. They may even hack your company’s system and use familiar names in your organization.

    If you feel that something’s off, take the time to verify before you make a move. In fact, make it part of your office protocol to do due diligence before complying with requests for funds or confidential information. Call to confirm (don’t use the information in the email, search the phone number on the Internet), ask another person to look the email over, or ask your supervisor. The extra step that you take can be the difference that saves you and your organization a lot of pain and money later on.

  6. Invest in an effective anti-virus

    Install a good spam blocker and anti-virus software or have your IT install security features. Also, keep all your software and devices updated. Consider setting it to update automatically so that you’ll be protected from new security threats.

What to do if you’ve been phished

Don’t panic if you’ve responded to a phishing email or have clicked a link. You should:

  1. Gather documents or proof of the fraud (email, text, receipts, etc.).
  2. Report the fraud to your bank and/or other institutions linked to the affected account.
  3. Change your account passwords (consider using multi-factor authentication to protect your accounts).
  4. Report it to the police and get a file number. If you find suspicious activity on your credit report, update your file with the police.
  5. Monitor your bank account activity. Always check your online account or your bank statements for unusual transactions.
  6. Report the incident to the Canadian Anti-Fraud Centre by calling 1-888-495-8501 or through the Fraud Reporting System
  7. Companies and organizations, especially financial institutions have hotlines or emails where you can report fraud. Consider reporting your experience to prevent others from getting victimized.

Sources: Canadian Anti-Fraud Centre; How to recognize and avoid phishing scams, Federal Trade Commission; and Spam and phishing, National Cybersecurity Alliance. Accessed December 3, 2020.

Back to top

We'd love to hear from you!

Please login to tell us what you think.

Related Learning Activities

Week 1 – Digital Citizenship

Laptop on desk for distance learning from home

Week 1 focuses on the key concepts of the digital world. Think about your daily life and the technology you… Read more »

WorkCom_Week 4

A woman giving a presentation at work

This is our last week of Workplace Communications. This time you are in the driver’s seat. We look forward to your presentation… Read more »

WorkCom_Week 3

A woman giving a presentation at work

We have now reached week 3 of Workplace Communications! This week, we are engaging in a number of activities that allow… Read more »

Digital Skills at Work

Article thumbnail fallback

Course Description Digital Skills at Work (DSW) is a four-week course focusing on essential digital skills required to succeed in one’s career…. Read more »

Back to top

CC BY-NC-SAText of this page is licensed under CC BY-NC-SA, unless otherwise marked. Please attribute to English Online Inc. and link back to this page where possible. For images and videos, check the source for licensing information.