Go ahead, ruin a cyber criminal's day!

October 20, 2022

The fight against phishing is real.

That’s why, during Cyber Security Awareness Month this October, the theme focuses on ruining a cyber criminal’s day by teaching Canadians how to fight back against phishing scams.

Phishing is a cyber criminal’s attempt to get sensitive information by pretending to be a legitimate sender such as a bank or a government organization. It is the third most common scam in Canada.

“Phishing is the No. 1 attack technique leveraged by bad actors,” said HUB Customer Central’s IT Security Officer Rick Chisholm. “It is employed over multiple vectors, for example, email, SMS text, WhatsApp/Signal, social media comments and DMs. The goal of the attack is often an attempt to get someone to disclose something of value: credentials, bank information or credit card numbers. Quite often, it is also an early step in a much more sophisticated campaign that could lead to identity theft or, in the case of an organization, intrusion and data loss.”

Chisholm added that the popular concept of a brooding, hoodie-wearing hacker sequestered in a dark basement, surrounded by glowing screens, being a significant threat isn’t realistic.

“What is more accurate are cybercrime organizations that are run not much different than any other business and their preferred money-making operation would be ransomware,” he said.

Chisholm’s advice for anyone is to remain “vigilant and skeptical especially when it comes to Internet activities (email and web browsing).

“Trust your instincts,” Chisholm said. “If an email seems odd, don’t hesitate to have your resident IT professional(s) investigate further. Better safe than sorry.”

During October the Government of Canada and will cover topics online including how to tell if you’ve been phished, recovering from a phishing attempt and how to report the scam. It will also share information on protecting yourself and helping older adults and children stay cyber-safe.

In general, the 7 red flags of phishing are:

  1. Urgent or threatening language – Real emergencies don’t happen over email. Watch for pressure to respond quickly, threats of closing your account or threats to take legal action.
  2. Requests for sensitive information – Look for links directing you to login pages, requests to update account information, and demands for your financial information, even when they appear to come from your bank.
  3. Anything too good to be true – Winning a lottery is unlikely, especially if you didn’t enter! Watch out for prizes you have to pay for or an inheritance from a long-lost relative.
  4. Expect the unexpected – Watch for receipts for items you didn’t purchase, and updates on deliveries you didn’t order. Send them right to the trash!
  5. Information mismatches – Watch for incorrect (but maybe similar) sender addresses, incorrect links for official websites, and spelling or grammatical errors that a legitimate organization wouldn’t miss.
  6. Suspicious attachments – Be wary of attachments you didn’t ask for, weird file names and uncommon file types.
  7. Unprofessional design – Watch for incorrect or blurry logos, image-only emails (no highlightable text) and company emails with little or no formatting.

If you spot ANY of these red flags, don’t click on links, reply or forward and don’t open attachments. Delete the email or text. If you’re at work, reach out to your IT department if you’re not sure.

Visit regularly for more resources, tips and tools. You can also: