Emailing allows us to communicate quickly and efficiently around the world, but its downside is that it exposes us to threats that can range from the mildly annoying to the devastating for your finances, credit score, reputation and career. Phishing is the most common type of email scam. It consists of someone getting you to divulge sensitive and private information, such as user names, passwords, bank account or credit card details, SIN numbers, etc.
Here are a few things you can do to try to avoid receiving phishing emails:
- Scammers must get hold of your email to target you. Don’t share or publish your address widely. Also, don’t use an address that is easily guessable.
- Scammers are sometimes able to steal companies’ contact lists. Keep a separate account for signing up with mailing lists and other subscriptions, then scrutinize the mail sent to this address especially closely.
- Use your email program’s spam function to siphon suspicious messages into a separate folder, then scrutinize the mail quarantined there especially closely.
For those phishing emails that still get through, the scams are not hard to spot if you know what you’re looking for. However, they can appear innocuous, and they often seek to prey on our hopes and fears.
Here are the common indicators a message is probably a phishing scam:
- The email purports to be from an established company such as a bank, PayPal, a credit card company, etc. but the sender’s address does not look like a corporate address. Or it was sent from someone you know, but the content doesn’t make sense given your relationship.
- The message says you’ve won a contest you never entered or offers a business opportunity you didn’t solicit. It outlines a deal or exchange that sounds too good to be true or that requires some sort of deposit or other up-front payment.
- There are spelling and/or grammar mistakes. The email reads as though it was written by someone non-fluent or was run through translation software.
- It contains a link where you must go to enter confidential information. When you hover your mouse over a link, the address doesn’t look like it’s for the company or organization you expect, includes additional numbers or characters and/or doesn’t go to a secure site beginning with https://. The email contains a zip or other type of file attachment.
- The message requires urgent action and/or threatens that an account will be suspended. The sender says that your security or password has been compromised and needs to be verified or reset.
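As an added illustration (not part of the original article), several of the indicators above can be checked mechanically. The Python sketch below tests a message for a sender domain that doesn't match the expected company, links that point elsewhere or aren't https, urgent wording, and attachments. The phrase list, the indicator names and the sample domains are assumptions made up for this example.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrase list for the "urgent action" indicator; tune for real mail.
URGENT = ("urgent", "immediately", "suspended", "verify your", "reset your password")

class LinkCollector(HTMLParser):
    """Collect the real target of every link (what hovering would reveal)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    """True only for the domain itself or a subdomain, not look-alikes."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def phishing_indicators(msg, expected_domain):
    found = []
    addr = parseaddr(str(msg.get("From", "")))[1]
    if not belongs_to(addr.rpartition("@")[2], expected_domain):
        found.append("sender-domain")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    links = LinkCollector()
    links.feed(text)
    for url in map(urlparse, links.hrefs):
        if not belongs_to(url.hostname, expected_domain):
            found.append("link-domain")
        if url.scheme != "https":
            found.append("link-not-https")
    if any(phrase in text.lower() for phrase in URGENT):
        found.append("urgency")
    if any(True for _ in msg.iter_attachments()):
        found.append("attachment")
    return found

def sample_message():
    """Constructed sample; every address and domain here is made up."""
    m = EmailMessage()
    m["From"] = "Example Bank <support@bank-example-secure.test>"
    m.set_content('<p>Your account will be suspended. <a href="http://bank.example'
                  '.account-check.test/login">Log in</a></p>', subtype="html")
    m.add_attachment(b"PK", maintype="application", subtype="zip",
                     filename="statement.zip")
    return m

print(phishing_indicators(sample_message(), "bank.example"))
```

Note that the link in the sample starts with the real company's name but actually belongs to a different domain, which is why the check compares the end of the host name rather than the beginning.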
If you’re ever unsure whether an email is phishing, don’t hesitate to contact the purported sender. However, make sure you do so by other means than replying to the suspicious email itself. If the message is fraudulent, you’ll only be asking the scammer if they sent you a scam! Independently look up the company’s email address and send them a message in a brand-new thread, or just give their customer service line a call.
Once you’ve concluded that an email is phishing, you should take the following steps:
- Absolutely do not follow any of the directives in the email or open any links and/or attachments.
- Delete the message immediately.
- Add the sender to your email program’s banned/spam list.
- If the phishing came via someone you know, inform them they may have a virus on their computer.
If ever you do fall prey to phishing, don’t feel ashamed. Phishing is almost impossible to eradicate and as the internet gets more sophisticated and widespread, so do the scammers. Even the brightest and most-educated can be fooled. In 2015, more than 20% of the CRA’s employees fell for a faked phishing email – and that’s even after they’d been notified that such a security test would be taking place!
If you find yourself a victim, you also shouldn’t panic. Being phished doesn’t necessarily mean that your identity is going to be stolen. Furthermore, there are things you can do to mitigate the damage of having unwittingly shared your information. They are:
- Change your password and/or get a new card with the affected institution. Make the new password/PIN something completely different from the previous and anything you’ve used before.
- Phone or visit the affected institution in person to let them know that you were phished. They may be able to place an alert/temporary hold on your account.
- Contact the credit bureaus to place a fraud alert on your credit report. Also consider paying to run your credit report regularly over the next year to make sure that someone isn’t opening new accounts or loans in your name.
- Scrutinize all your legitimate accounts and statements carefully for the next several months. Keep all your non-cash purchase receipts and reconcile them against your credit card and bank statements. Report any suspicious transactions immediately.
- If you clicked on a link or opened a file, disconnect the computer from the internet and run a full malware/virus scan to make sure nothing harmful was downloaded onto the unit. If it was, have it removed and consider getting a professional to look things over before using it again.
- Contact the local police via their non-emergency number to file a report.