Have you ever received a text or an email that looked like it was from an authentic source but was asking for your personal information like your license number or bank account details? Companies are at pains to inform us that they never ask for your personal information over email or call. If you have received such a communication, you know what a phishing scam looks like.
While cyber security laws continue to evolve, cases of phishing scams have seen a steady rise over the years.
What is a Phishing Scam?
Canadian Centre for Cyber Security describes Phishing as a general term for emails, text messages and websites fabricated and sent by criminals. These communications are designed to look like they come from well-known and trusted businesses, financial institutions and government agencies. These emails and messages are aimed at collecting personal, financial and sensitive information from the victim.
There are a number of varieties of phishing scams. Here are some of the most commonly witnessed:
Types of Phishing Scams
Here the scammer sends a generic email aimed at collecting personal information of the victim. The email readsas if it is from a well-known organization. The victim can be asked to verify their personal information as a way to check for suspicious activity or transaction at an institution. It can also claim that certain company is giving away gifts or, the most common, that you have won a huge sum of money or a prize as part of a lottery.
You can be asked to click on a link that will then route you to a form that will require you to fill in personal details which may include credit card numbers, social security numbers or even passwords. It can also route you to a website or an online store. The result is the same, your personal details if shared, will become accessible to the perpetrator.
Smishing & Vishing
In this case, the email is replaced by text messages but the end target stays the same – to collect personal information of the target. If smishing scam requires text messages are used, vishing scams on the other hand, involve telephonic conversations.For example, the scammer will pose as an investigator or a representative of a financial institution and ask the target to verify their personal information on the pretext of having spotted suspicious activity.
A scam where someone fakes an email address used by a legitimate contact of the victim and pushes them to make a large financial transaction. Here the scammer usually has most of the personal information about the target. This is one the scams that impacts the victim the most, as they lose a massive sum of money.
This is a type of phishing that targets high-level executives in a company. The criminals usually take this method for tax and insurance scams. True to its name, it is a scam usually involving pretty large sums of money.
Here a scammer uses a person’s social media accounts to attack the target and gather information. The criminal may use malicious URLs,bogus websites, survey forms and such to trick the target into sharing personal information. Different posts and direct messaging can also be used to achieve this purpose.
Extent of Phishing Scams in Canada
RSA’s quarterly fraud report for the first quarter of 2020, globally, examined a total of 50,119 incidents of fraud. About 54% of these incidents werephishing attacks and 66% of these scams were directed at Canada, making it the top target country.
Furthermore, just before the Fraud Prevention Month of March 2020, the Canadian Anti-Fraud Centre released data detailing the top scams in the year of 2019.
The statistics showed that spear phishing had a devastating effect for Canada with a whopping $21.4 million in reported losses. These increasing number of cases is definitely a major issue. Now, more than ever before, it becomes important to learn how to spot such fake emails and identify what to do if you get tricked by them.
Personal information scams takes the second place only after extortion. Here, the scammer asks for the confidential and personal information from the victim, pretending to be representative from an established company, bank, or even a government agency. There have been 7,642 reported cases last year. Also, there were 5,053 reported cases of phishing where the email appeared to be from a well-known organization.
Recognizing a Phishing Scam
First and foremost, remember that most legitimate institutions will not use email or text to collect personal information. Since these means of communication can be intercepted, most companies will avoid them for such things.
Pay Attention to Details
If you have received a text or an email that requires you to urgently share your personal information, take the time to carefully read the message. Check with the organization if they have sent such a communication. In most cases the content of the email and the lack of any particular branding will reveal it to be a false communication. Read the number or the email address carefully. For example, you will realize that there are some changes in the way that the brand name is spelled. An ‘i’ will be changed to ‘e’ or a ‘t’ will be replaced by ‘d’. These subtle differences will help you identify a real email from a fake one.
The ‘s’ in URL
If the message directs you to an URL that pay close attention to the said address. Watch for the ‘s’ in ‘https’ in front of a URL. If there is no ‘s’ then it is not secure and you should not click on it, more so submit any personal information.
Be cautious of messages that:
Ask for a financial transaction
Direct you to a shady looking URL
Direct you to an online store
Come along with a fake invoice
The emails or messages might even try to lure their victims by offering free coupons and prizes for having won some fishbowl contest. Being even a little greedy in such situations can lead to more losses than benefits.
What to Do if You Fall Victim to Phishing Scam
With the number of scams growing each year, it is important to report every attempt, even if you spotted it in time and haven’t fallen for the fake message. This will ensure that the scammer is stopped and is unable to trick others. It is important as responsible citizens for everyone to stay informed.
Verify anything that looks suspicious before taking action. Report incidents and share experiences with family and friends so the word spreads. This is definitely one of the best ways to ensure that such crimes cannot be perpetrated.
Steps to Take In Case of Scam
- In case of suspected attempt, verify it by calling the organization and asking about the message, before reporting
- Think logically and don’t panic if scammed
- Gather all information, evidence, like the emails, messages, documents and links if any, regarding the fraud
- Contact the relevant institutions, like the bank in case of compromised bank account details or financial transactions
- Change all your passwords, that of your phone, email, bank accounts and any others
- Report the incident to the local police and create a file. Update any new information regarding the incident
- Report attempts to the Canadian Anti-Fraud Centre immediately
Statistics point that number of phishing scams targeted at Canadians are growing rapidly. It is common for scammers to target developed countries with excellent internet connectivity and technology but it is hard to pinpoint the exact reason why this is the top target country.Having said that, it only makes it more important than ever to maintain constant vigilance to stop such frauds from being perpetrated further.
The best thing that people and organizations can do is to be aware and have optimum protection against such attacks. This security begins with a secured internet connection. For highly secure business internet solutions reach out to us.