The news often reports on situations in which high-profile individuals or corporations have been hacked, impersonated and/or otherwise fallen victim to a cyber attack. No matter what it is these hackers are after, be it money, data, or something altogether different, the loss of any personal information can be devastating for all concerned.
If you think you’re immune because you’re not a high-profile target or because you subscribe to the latest virus protection services, unfortunately, you’re wrong. Most cyber attackers don’t differentiate based on those sorts of criteria. Cyber attacks come in many different guises and they don’t discriminate.
This is why we felt it would be a good idea to review some of the most common online schemes out there, to help you stay aware of and better recognize a potential cyber attack should you be the target.
Phishing
Did you know that Statistics Canada released a 2020 report focusing on how online habits changed for Canadians in the first six months of the pandemic? The report revealed that approximately one-third of Canadian respondents had experienced a phishing attack. Not good!
Phishing is when cybercriminals pose as someone you know and trust – like a friend or family member, or as a legitimate institution like the government or a bank – to obtain sensitive/personal information. Their modus operandi is to employ deceptive emails and/or phone calls to “fish for” information – luring people into falling for a scam. These communications are carefully designed to trick you into revealing financial information, login credentials, passwords, or other sensitive data. In some cases, they may, in the process of scamming you, secretly install software (malware) that compromises your computer and the files it contains.
Not all phishing attempts are alike. Many hackers have adapted their strategies to find ways to overcome obstacles such as newer protection technology and a more sophisticated general public. People have become more diligent with their cyber protection, as it turns out, thanks in part to the Canadian government’s Get Cyber Safe campaign, which describes most of the latest phishing scams.
Smishing
Any phishing message sent through a text message (SMS) is referred to as smishing. Examples of smishing include a text from hackers posing as your bank and requesting information through a link, a text from (a fake) Amazon or other delivery service – FedEx, UPS, etc. – alerting you that your package has arrived, or even a text claiming to be from the Canada Revenue Agency informing you that you’ve received money or owe some – you know, just click on the link to access it or send it… (Never click on the link!)
The best way to protect yourself from smishing attacks, according to the Get Cyber Safe campaign, is to be wary of any SMS messages you receive from phone numbers you don’t recognize. Contact the source directly through a number you know is legitimate. When in doubt, visit the source’s website or call their customer service line.
Spear-phishing
This nomenclature is new to me! It turns out that spear-phishing is a more targeted approach when it comes to gleaning information from an individual. It’s phishing, but smarter, trickier and harder to spot. Spear-phishing is especially scary when you look at the effort that hackers take to personalise their message, making it appear to come from a personal contact or credible source.
Whaling
These guys are not going after the everyday Canadian (or small fry, so to speak). They believe in the expression, “go big or go home.”
Just like the mammal it describes, whaling scams typically target big, high-profile individuals. Their aim is to go after, and get, large sums of money. You may wonder how high net worth individuals would fall for this trap, but according to Get Cyber Safe, the fake messages are designed to trick the target victim into believing that they have to make a legitimate payment to another organisation.
Spotting the Signs of a Phishing Attempt
We’ve identified a few points to look out for if you feel there’s a phishing attempt being made on you:
- The message’s tone or language seems suspicious. For instance: too friendly, too formal, suspiciously awkward – these are all clues. Don’t respond but don’t ignore them. If it’s from a “friend,” call them and ask if they sent it.
- Bad spelling and poor grammar. If the email’s from a corporation – your bank, a government agency – their message wouldn’t have copywriting errors. These are common indicators of phishing.
- Be wary of unexpected requests for sensitive information. Never send account numbers, PINs, or login credentials to anyone – even if the request sounds urgent.
- (DON’T) Act now or else! Scammers commonly send emails requiring immediate action. Their intention is to cause you to panic and respond immediately. Advice: DON’T reply to the email. Follow up by calling the company or person who allegedly sent the email. If there’s a phone number included in the email, don’t use it. If the email is a phish, the phone number’s probably fake too. Get the actual phone number from the company’s website.
- Suspicious email address, or the link and its URL don’t match? If you don’t recognize the email address, or if you hover your cursor over an embedded link and the URL doesn’t match the name of the link, it may be a phishing attempt. DON’T click the link.
- Think before clicking on attachments. Even if you do believe you recognize the sender, treat any attachment requiring a download with caution. Downloads can contain malware.