Cyber Phishing Explained


We often hear of situations in which high-profile individuals or companies fall victim to cyber attacks. Whether these hackers are in search of data, money, or something else, the loss of any personal information can be devastating. Many individuals may feel they aren’t at risk for a cyber attack because they aren’t high-profile or because they have the latest virus protection services. However, cyber attacks can come in many forms and do not discriminate against individuals. Even if you have the latest virus protection, it’s still a good idea to be able to recognize a possible cyber attack.

Although there are many types of cyber attacks, one of the most common is phishing. As a matter of fact, a 2020 report released by Statistics Canada, which focused on how online habits changed for Canadians in the first six months of the pandemic, found that about one-third of Canadian respondents have experienced a phishing attack.

What is Phishing?

Phishing is an attempt by cybercriminals, posing as a legitimate institution or as someone you know (like a friend or family member), to obtain sensitive information. They use deceptive emails to “fish for” information and lure people into falling for scams. These emails are carefully designed to trick you into revealing financial information, login credentials, or other sensitive data. In some instances, they may secretly install dangerous software (malware) that compromises your computer and the files on it.

Different Types of Phishing

Not all phishing attempts look the same. As technology becomes more sophisticated and the general public becomes more diligent with their cyber protection, many hackers have adapted their strategies to find ways to overcome these obstacles. The Canadian government’s Get Cyber Safe campaign has identified the most common forms of phishing.

Smishing

Smishing refers to any phishing message sent through text message (SMS). Examples of smishing include, but are not limited to, a text from a hacker posing as your bank and requesting information through a link, a text alerting you that your package has arrived, or even a text claiming to be from the Canada Revenue Agency informing you that you’ve received money. According to the Get Cyber Safe campaign, the best way to protect yourself from smishing attacks is to be cautious about any messages you receive from phone numbers you don’t recognize. If you’re unsure whether the text you’ve received is legitimate, contact the source directly through a number you know to be legitimate (i.e., by visiting the institution’s website).

Spear Phishing

Spear phishing is a more targeted approach to gathering information from an individual. What makes spear phishing especially frightening is the effort that hackers take to personalize their message so that it appears to come from a credible source. See the tips below for ways to protect yourself from phishing attempts.

Whaling

This form of phishing typically targets high-profile individuals with the goal of requesting large sums of money. Now, you may wonder how individuals may fall for this trap, but according to Get Cyber Safe, the fake messages are designed to trick the victims into thinking that they must make a legitimate payment to another organization.

How to Spot the Signs of a Phishing Attempt

Allstate Canada wants to ensure that its customers remain in good hands. So, the Cyber Security team has developed tips to help spot the signs of a phishing attempt.

  • Tone or language doesn’t seem quite right. Unfamiliar language, or a tone from someone you know that’s too friendly or too formal, are all clues. Don’t ignore them. Take a closer look.
  • Typos, spelling or grammar errors. If the email isn’t from your five-year-old nephew, these are all common signs of a phishing email.
  • Act now or else! Emails that require immediate action are commonly used by scammers. They’re hoping you’ll panic and respond immediately. Don’t reply to the email. Follow up by calling the company or person who sent the email. If there’s a phone number included in the email, don’t use it. If the email is a phish, the phone number is probably fake too. Get the actual phone number for the company from their website.
  • Suspicious email address or link, and URLs that don’t match. If you don’t recognize the email address, or if you hover your cursor over an embedded link and the URL doesn’t match the name of the link, it may be a phish. Don’t click the link.
  • Treat attachments with caution. Even if you recognize who the email is from, it’s always best to treat any attachments with caution. Hackers often embed their phishing emails with malware downloads.


Tips for Protecting Yourself from Phishing Attempts

The Allstate Cyber Security team has also developed tips to help protect yourself from phishing attempts:

  • Think before you click. Don’t automatically trust any email or text message, especially if it sounds frightening or too good to be true. Company logos, senders’ names and email addresses are often faked by scammers.
  • Be wary of unexpected requests for sensitive information. Never send account numbers, PINs, or login credentials to anyone – even if the request sounds urgent.
  • Verify attachments before opening or downloading them. Even if an e-mail or text message appears to come from a person or company you trust, don’t open unexpected attachments. Always verify that the file is legitimate through a different means of communication, such as a phone call.
  • Verify URLs by hovering over them. If the e-mail includes a hyperlink, a quick way to check its legitimacy is to hover over the URL. Once your mouse is hovered over the link, the full URL will appear. If it seems suspicious, don’t click it.

For more tips and tricks visit: www.getcybersafe.gc.ca/en/cyber-security-awareness-month

This information has been provided for your convenience only and should not be construed as providing legal or insurance advice.