Phishing is a very widespread form of fraud and the preferred entryway for cybercriminals. It invades our inboxes, shows up in our text messages and spreads confusion among even the most cautious among us. This article is intended to answer your questions about how phishing works, how to protect yourself and how to spot fraudulent messages so that you do not get caught.
Phishing is a kind of fraud used by cybercriminals to access their victims' computers, steal confidential information, extract money and more. Among their most common techniques are pretending to be an established organization, whether a financial institution, an ecommerce platform, an administration, a mail service or any entity likely to have private data.
In addition to pretending to be large organizations, phishing more generally involves manipulating victims and abusing their trust. Malevolent individuals may also write to you in the name of a friend, colleague, partner, supplier or an unknown individual.
In 95% of identified cases, phishing attempts were perpetrated by email – the remainder took place on websites, via text message or even by telephone. Most people targeted receive a message that very closely resembles a real one and are invited to open an attachment, go to a redirect page or click on a link, which obviously are all fraudulent.
Phishers are skilled at luring in Internet users. From the logo to the signature, malicious emails imitate virtually all the features of the brands, services or contacts with whom we regularly exchange messages. Some of these messages are even more deceptive because their content is very contextualized: they refer to a specific subscription, our income taxes in March or ordering items during the Holidays.
Messages may even be written with impeccable spelling and grammar. The presence of spelling errors, which previously could make you suspicious, is no longer always a reliable indicator.
When you click on a fraudulent link, you are redirected to a page that, for example, looks like the interface of your bank, and prompts you to enter codes or card numbers, claiming that a verification or update is required. This is called data theft.
When you click on a fraudulent file, malware can install itself on your computer without anything necessarily appearing on the screen, leaving the user unaware. Victims are exposed to various risks, including:
Through a lack of attention, vulnerability or lack of knowledge of these practices, anyone can be tricked, and there is no need to be ashamed. Even after you've fallen into the trap, phishing is difficult to detect.
What should you do if you suspect your data have been stolen?
What should you do if you are the victim of a ransom attempt?
The main advice to follow given a suspicious message is: be skeptical, stop and think. When a message intrigues us, you can feel compelled to click to find out more, and in your rush, forget to be wary. However, knowing when to be skeptical is an indispensable "survival" skill for going online. Although phishing emails are more and more carefully crafted, most of the time, there's something suspicious about them.
Read your emails carefully, and if you have the slightest doubt, take a few moments to analyze the context and ask yourself:
> Why am I getting a tracking number when I didn't order anything?
> Why am I being urged to act immediately?
> Why would I need to update confidential information?
> Why would they be threatening to close my account?
These are common examples but are far from an exhaustive list! Cybercriminals dream up all kinds of schemes, most of which appear unusual, unjustified, insistent or alarmist. Trust yourself. If a request seems surprising to you, that's probably a bad sign.
If you think that you've identified a phishing attempt:
And preventive measures are always essential:
The major difficulty with phishing is the multiple forms it can take. Being wary of a message about a big win in an obscure sweepstakes is easy but detecting a fake email from a site that you've visited quite recently is much less so. If you add to that the fact that malware can operate silently for months, it is clear that the best tactic is to simply not let yourself be trapped. Prevention requires vigilance from everyone including digital platform owners. Share these best practices with people around you and supplement your knowledge by learning how to protect your passwords and credit cards.
Legal disclaimers
Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.
The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.
The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.
This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.
Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).