4 telltale signs of a phishing email
7 March 2023
Did you know that logos, signatures and security features are easily forged and widely used by fraudsters? That’s why you have to pay special attention to the contents of the various messages you receive (email, texts, social media) to spot a fraud attempt. Here are 4 signs that point to a phishing attempt, they have one thing in common: they’re always unexpected and unsolicited, requiring immediate action.
1. They give a sense of urgency
Why? The goal of scam artists is to get you to act fast without thinking, by giving a sense of urgency and emphasizing the consequences if you don’t.
Common scenarios:
- — You’re asked to update your personal information; if you don’t, your account will be frozen or closed.
- — Your financial institution informs you that your account could be compromised and asks you to click the link to login and quickly change your password.
- — A fundraiser after a tragedy or natural disaster.
- — A criminal charge where you have to click on a link to learn what you need to do or to notify the authorities.
Be vigilant!
1 in 3 Canadians have received phishing attempts since 20201.
If you have any suspicions, use an official number to contact your financial institution or the organization in question. Don’t click on any links and never call a number included in a suspicious message.
2. They promise a financial gain
Ah! The lure of money! The goal here is to make you believe you’ve won a prize or are receiving a perk of some kind, even though you didn’t ask for it. Scam artists will often use this strategy to trick you into providing your information.
Common scenarios:
- — You receive an email with a clickable link or attachment to claim a prize or windfall from someone you don’t know.
- — You get a congratulatory email saying you’ve won an official contest you didn’t enter. To receive the prize, you need to click on a link to log in.
- — You receive a notice from your financial institution, phone service provider or power company saying that you were overcharged for service fees. It has reimbursed you and you’ll need to follow a certain procedure to have the money deposited to your account.
- — You receive a message from a government organization stating that an amount is ready to be deposited in your account (repayment, one-time payment, tax refund, etc.).
Over 3 billion phishing emails are sent out every day. This number totals a trillion fraudulent emails per year2.
Text scams (smishing) increased by 328% in 2020 alone3.
In 2021, there was a 103% increase in social media phishing attempts4.
3. They tell you there’s a problem
You should be suspicious of any message asking you to disclose personal information to resolve an issue.
Common scenarios:
- — Your financial institution contacts you to notify you of problems with its online banking site. To resolve the problem, it asks you to click on a link, log in and confirm by email if you’re able to access the site.
- — Text message from your financial institution asking you to confirm if you’ve made a transaction by replying yes (Y) or no (N). You are then sent a link or the scammer calls you posing as an employee of your institution to get your information.
- — There’s a problem with your device (hack, need to update an app, expired password, you’re over your phone or internet caps).
- — An accounting error was made on your account and was then corrected. The email includes a link connecting you to a fake online banking site that looks just like yours.
- — An unexpected message to renew a service that you’re not subscribed to, for example, GeekSquad or an antivirus software.
4. Pique your curiosity
The purpose of this type of strategy is to pique the victim’s curiosity to get them to click on a link or open an attachment. Often, the message comes from a contact you know who had their account or email hacked. Ask yourself the question: Would they really send this type of message?
Common scenarios:
- — An ambiguous link to an intriguing video or file featuring you sent via text or social media.
- — Unexpected message from a recruiter about a dream job.
- — Attached photo or document that doesn’t seem to be for you but may be named after one of your contacts.
- — A message promising you’ll meet your soul mate.
Remember that scammers want to infect your devices so they can get their hands on your personal information. As soon as you click on a link or open an attachment, malware could automatically install itself, allowing the fraudster to reach their ultimate goal—getting to your money!
Your security is our priority
Our members and clients matter to us. That’s why we created Desjardins Identity Protection, one of the best protection programs in Canada. Learn more about Desjardins Identity Protection.
How to react if you suspect a phishing attempt
- Stop and ask yourself this question: is this a legitimate message? Were you expecting this text, email or call?
- Go over what you’ve received; do you recognize any of the above signs?
- If you’ve clicked on a hyperlink, downloaded or opened an attachment, contact the Canadian Anti-Fraud Centre before calling your financial institution. You can find the number on your account statement or the back of your credit or debit card.
The best way to protect yourself is to stay alert to possible scams. Don’t be deceived by appearances—pay attention to the content of the email. If in doubt, don’t reply!
1 The Daily – Canadians spend more money and time online during pandemic and over two-fifths report a cyber incident (statcan.gc.ca).
2 How to Report a Phishing Email Scam: What You Need to Know | Terranova Security
3 Security Brief: Mobile Phishing Increases More Than 300% as 2020 Chaos Continues | Proofpoint US
4 Quarterly Threat Trends and Intelligence – February 2022 (phishlabs.com)