As a refresher, Wikipedia defines Phishing as: Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
To put it simply, phishing emails are designed so that folks provide their passwords to a untrusted 3rd party. Most phishing attacks can be detected and stopped with a quick read over of the message.
Examples of these types of messages, from the last week:
- A Sign company sending out invoices – invoices are pdf attachments. Opening the PDF loads a page with a link to a fake Dropbox website asking for login information to view the document
- A fake notification from “Microsoft” asking staff to download a file called “contract review.pdf” Opening the PDF loads a page with a link to a fake Dropbox website asking for login information to view the document
- A baseball team manager sending out an email saying ‘thanks for joining up’ with a PDF falsely named as 2018 schedule. Opening the PDF loads a page with a link to a fake Dropbox website asking for login information to view the document
If you didn’t join a baseball team, and didn’t order a sign, and also are not expecting a contract review than you should be easily able to identify these messages as phishing emails and delete them.
If someone sends you an unexpected attachment, just check with them over the phone if they sent you something. Don’t trust a follow-up email that says “Yes, I sent an attachment” as this can be part of the phishing scam.
If you do open a phishing pdf, you will usually see a fake dropbox link will be displayed inside the PDF. Sometimes instead of Dropbox it will say Microsoft, but the content is still the same, links you must follow to “login” to a phishing site.
For example: the image below is the content of the current phishing PDF’s going around right now:
- A PDF file that has only a link inside to “download” a file is 100% going to be a scam. This should also be a red flag that something is wrong. You can close that file and delete the email. Your machine and information is still safe.
- If you clicked on the download/view link in the fake dropbox PDF file. You would have been directed to a webpage that would have asked you to login using your email account.
Apart from emails, always be very wary of jobs that require you to send money (even if they offer to send you money and then return some of it to them; cheques bounce and you’ll be left with the loss).
Also, websites that suddenly ‘break’ with an urgent request that you phone a certain number to avoid viruses, etc. (use ctrl-Alt-Delete and close down the browser and try again; you probably just misspelled a URL). Also, phone calls from people who offer Microsoft “fixes” and that your computer is “at risk” are scams; reporting these calls (and telling them never to call back) seems to help.
Other scams include businesses that skirt the law by suggesting for example, that a sick friend is seeking to contact you, and for you to call a certain number; if you then call the number is will likely be a paid by the minute service and they may put you on hold (while your phone company legitimately charges you) and keep you on the phone with vague remarks and questions (again, extending your call and costing you more).
Be aware and be safe, and report fraud online: http://www.antifraudcentre-centreantifraude.ca/reportincident-signalerincident/index-eng.htm
If you suspect that you may be a target of fraud, or if you have already sent funds, don’t be embarrassed – you’re not alone. If you want to report a fraud, or if you need more information, contact The Canadian Anti- Fraud Centre:
Ways to report fraud
- Toll Free
Hours of operation
- 9:00 am – 4:45 pm