Recognizing Phishing Attacks

One of the most popular social engineering types, phishing attacks are message campaigns aimed at creating a sense of urgency, curiosity, or fear in victims. These attacks encourage victims to reveal sensitive information by clicking on links to malicious websites or opening attachments that contain malware.

Safety Tips for Individuals

  • Understand the types of phishing attacks:
    • Spear Phishing: Attackers target specific individuals or groups with customized messages.
    • Whaling: Attackers target high-profile individuals, such as executives or senior management.
    • Clone Phishing: Attackers modify a legitimate email or website to appear to be from a trusted source.
    • Smishing: Attackers use SMS or text messages to deceive victims.
    • Vishing: Attackers use voice calls, usually automated, to deceive victims.
  • Boost your spam filtering defenses by activating spam filters on your messaging apps whenever possible to block potential phishing attacks before they reach your inbox.
  • Boost your phishing awareness by participating in regular phishing training to help you spot messaging scams (e.g., urgent or unusual requests).
  • Be skeptical of emails, phone calls, text messages, or social media messages that request sensitive information (e.g., credit card details).
  • Think before you click links in emails or messages from untrusted sources. Hover over the link to verify the actual destination.
  • Beware of being pressured into taking immediate action by an attacker. Take the time to think and assess the request carefully.
  • Report, block, and delete suspicious messages. When you receive a phishing message, report it immediately to the impersonated source and your IT support team (if at work), block the sender, and delete the message. Report smishing messages by forwarding them to 7726 (https://www.getcybersafe.gc.ca/en/blogs/reporting-spam-text-messages-7726), then block the sender, and delete the message. If you have fallen victim to an attack, also report it to local law enforcement authorities to limit damage.

Safety Tips for Organizations

  • Ensure that your messaging solution’s anti-phishing capabilities are up to date with strong filters to help detect and block attempts before they reach inboxes.
  • Conduct regular phishing awareness training to help employees recognize social engineering attacks. Encourage employees to verify unusual or urgent requests.

Back to Top ^