Canadian Bankers Association

How phishing has evolved and three new ways to respond


We all might think we can spot a phishing, or fraudulent, email a mile away, but cyber criminals are constantly changing tactics to try and trick you.

Phishing scams continue to be the most common form of attack in the cyber threat landscape, with the Canadian Anti‑Fraud Centre (CAFC) reporting that Canadians lost more than $40 million to online scams last year, most of which were phishing related. And digital fraudsters show no signs of slowing down, with phishing attacks proliferating amid the widespread shift of many Canadians to spending more time and money online because of the coronavirus pandemic.

So how do you spot the latest forms of phishing? Here are a few tips:

  • Put your guard back up. While there are still phishing emails with spelling and grammatical errors, this easy way to spot fake emails is now less common. The increasing sophistication of phishing attacks means that more fraudulent emails look very similar to the real thing.
  • Just because it’s personalized, doesn’t mean it’s legitimate. Many phishing attacks are large campaigns aimed at anyone who will click on a link, but targeting is increasingly common. Spear-phishing, such as in the CEO scam, targets specific individuals with emails that are personalized and that imitate known individuals to trick you into clicking on a link or performing an action, like sending a cheque or providing banking information.
  • Current events are a common topic. Scammers read the news like everyone else, and pandemic-related phishing fraud remains a threat. The CAFC reports that Canadians have lost $7.6 million to pandemic fraud so far this year. If an email arrives in your inbox with info about an unofficial contact tracing app, COVID-19 tests or vaccines for sale, or requests for money to support COVID-19 patients or research, it’s a scam.

New ways to think about phishing emails

While you should always be on the watch for the red flags of a phishing message, here are three new ways to think about those suspicious emails that land in your inbox or arrive as texts on your phone:

  • The door knock. If a stranger came to your front door, threatened you and demanded your bank or credit card information, would you panic and hand it over? You’re more likely to slam the door and call the police – most often you wouldn’t even open the door! Think about phishing emails the same way – don’t engage with the sender and never provide personal or financial information. Statistics Canada recently found that one in three Canadians received a phishing email last year. Remember, if an offer arrives in your inbox that sounds too good to be true or if an email tries to scare you into acting, report it and then delete it.
  • The nosy barista. If the barista at your favourite cafe handed over your morning coffee and told you that the manager of your company really needed you to wire transfer a large sum to a special account, would you be a little suspicious? Think about that personalized email you received that looks like it comes from someone you know the same way. Small business owners and managers are particularly good targets for scams like Business Email Compromise fraud.
  • Trust no one (when it comes to email). If you receive an email asking for personal information or to "pay custom fees" for a package you’re expecting, would you respond immediately, no questions asked? Take the extra few minutes and track your order through the service provider instead – it might save you from becoming a victim of a common scam.

The evolving nature of phishing attacks means that fake emails are just harder to spot. But don’t worry – it is possible to avoid becoming the victim of even the most sophisticated scam.

Think of cyber criminals as if they are really smart email marketers. They know all of the social engineering tactics that might work to get you to fall for their scam. Be skeptical, and if something feels off, trust your gut. But also, be suspicious even when the email or text seems reasonable. Always be reluctant to download attachments and click links, no matter how harmless they seem or who sent them.

Sign up for the CBA’s free fraud prevention newsletter to learn about the latest scams and download your copy of the CBA’s Cyber Security Toolkit for Consumers.
