A phishing attempt is a method by which hackers pretend to be people or companies. They attempt to obtain sensitive data such as passwords and personal information.
Common forms of phishing
- By e-mail or text message (Smishing): The user receives a message that appears to come from a credible source, such as the Canadian government or an online store. The message may contain an infected attachment or a link to a fake website requesting personal information.
- Vishing: Fraudsters call a person’s phone, posing as a trusted entity such as a bank, to extract sensitive information.
- Spear phishing: Fraudsters personalize their messages using information they have found online, on social networks for example, to make their communications more credible and convincing.
- Pharming: This technique redirects the browser from a website to a fraudulent site without the user realizing it.
How to recognize a phishing attempt
- Suspicious e-mail addresses: Phishing e-mails often come from addresses that resemble those of legitimate companies, but with slight modifications. For example, instead of “service@RBC.com”, you might see “service@RBCbanq.com”.
- Unjustified urgency: Fraudsters create a sense of urgency to push the user to act without thinking. Messages like “Your account will be suspended if you don’t act immediately” are common.
- Spelling and grammatical errors: Official e-mails are generally better written. In the early days of phishing, errors were glaringly obvious, but with the advent of artificial intelligence, text in communications can seem perfect, and even misleading. Remain vigilant, however, as errors can indicate a phishing attempt.
- Requests for personal information: Legitimate institutions will never ask for passwords, credit card numbers or other sensitive information by e-mail.
How can you avoid falling into the trap?
- Beware of communications that ask for personal information.
- Take the time to read messages before clicking on a link or attachment.
- Make sure that the site address begins with “https://” and that a padlock appears in the address bar. This is the case most of the time, and if the SSL (Secure Sockets Layer) certificate protecting and authenticating the website expires, there will be an indication on the padlock that there’s a problem.
- If you have any doubts, call or e-mail the company, using the actual contact details available on their website.
We know that phishing is a real threat, but by staying informed and vigilant, you can protect yourself. Always take the time to read the communications you receive and ask yourself the right questions. If you’re an SME, don’t hesitate to contact us for more information on cybersecurity (in french only).