What is phishing?
Phishing (pronounced the same as “fishing”) is a method by which criminals lure you into giving up your confidential information willingly. It is often disguised in the form of an email that appears to come from a trusted source such as a bank or social media site. These emails usually contain a link that takes you to a website (which looks exactly like the real site) where they’ll ask for your username/password, credit card number, or even worse, your Social Insurance Number.
Why does it exist?
The main point of phishing scams is to collect as much information about you as possible without you knowing it. Even something as simple as your email username and password can give criminals access to your other accounts. If you’ve ever forgotten a password to Facebook or Twitter, you’ve surely requested a new one – and most often your new password will get sent to your email address. Losing access to your primary email account could result in cascading losses to other accounts. According to the Canadian Anti-Fraud Centre, over 2400 complaints were filed across Canada, resulting in almost $5 million in losses to the victims.
Examples of phishing
Emails are the main source of phishing scams. These emails claim to be coming from a legitimate source such as a bank, and may even have personal information that you (thought you) didn’t disclose. The email will look exactly like one that you may expect, complete with real addresses and logos, but once you click on the link, you’ll be taken to a fake site. Once there, you’ll be instructed to enter your card number and password. One technique that scammers use to get you to click on the link is to mask the link’s name with a different URL beneath it. For instance, the link’s text may read www.YourTrustedBank.com, but the link’s URL is actually pointing to www.FakeBank.com.
How to stay smart online
1. The best way to stay smart when browsing the web is to look before you click. If you put your mouse cursor over a link and look near the bottom of your screen, you’ll see where the link will take you. If, as mentioned above, the link is different from the text, don’t click on it. If you are unsure, don’t click on the link, and instead use your favorite search engine to find the real website. Searching for the name of your bank/social media site will provide a path to the real website.
2. Check your credit report annually. Many people don’t know that you can obtain your credit report once a year for free from Equifax and TransUnion. Check your report regularly to make sure there’s nothing phishy (sorry, couldn’t resist) going on.
3. Use 2-step verification. If you use any of the Google products such as Gmail or Google Docs, and you have a smartphone, you have to use this. In brief, 2-step verification requires you to sign in once using your regular email password, then follow up with another password that is located on your phone. This second password changes every minute and is only valid while it is displayed on your screen. Even if someone steals your regular email password, they would still need your phone to access your constantly changing second password. But don’t worry, if you’re using a trusted computer, you only have to do the 2-step verification once every 30 days.
What if you are a victim of phishing?
If you do fall victim to a phishing scam, start by reporting it to the police, then cancel your credit cards and get a new driver’s license. Lastly, to be extra cautious, contact Canada Post to see if your mail is being redirected without your consent. The RCMP website has great information and a lot more steps to follow if this ever happens to you.
Do you have any other tips to avoid being phished? Let me know in the comments.