
How to spot and avoid phishing scams

How often do you check your email? How frequently do you receive texts? My guess is that your answer is every day, several times a day. And that means you could fall victim to a phishing scam. But what is phishing, exactly? Read on to learn more about how to spot phishing scams and avoid being a victim yourself.


What is phishing?

Phishing is when fraudsters send emails, texts or other kinds of messages that coerce you into clicking on a link.

They’re “phishing” for information – get it? If you click on the link, it’ll either install malware onto your computer or take you to what looks like a legitimate, trusted website. Both are an effort to obtain your passwords and your personal, banking and/or account information.

In both instances, the message is often presented in a manner that seems official or intimidating to encourage you to take action. Malware is usually used to capture and record your keystrokes, your banking or personal information, passwords and accounts. Other times, you may be prompted to sign into a fake website that looks very similar to the real one. For example, the email will claim to be from a financial institution or online store, but it’ll take you to a fraudulent website that looks like the real homepage and asks you to log in, update your profile, or validate or confirm your account. And when you do, it gives the cyber criminals your username, password and other personal information.

You may also be asked to confirm other information like a Social Insurance Number/Social Security Number, date of birth and an email address. The information they collect allows them to access things like your online bank account, shopping accounts, store accounts, etc., to steal your credit card numbers or identity.


What channels are used for phishing?

Most people think that they can only be phished through emails, but there are several ways fraudsters may contact you.


Email

The most common phishing method is email. That’s when someone contacts you through your email address prompting you to click on fraudulent links.

SMS (texts)

You can be phished through a text message. It could be someone pretending to be your service provider prompting you to click on fraudulent links.

Social Media

This is when a company or person reaches out to you through private, or sometimes public, messages on your social media account prompting you to click on fraudulent links.

What to look for


Who is the email from? If they claim to be from a big company, a legitimate email probably wouldn’t come from an everyday personal email provider. Scan the CC section to see if you recognize anyone else. It’s also a good idea to check if it’s been sent to “undisclosed recipients”. If you don’t recognize the person who sent it, then don’t open any links they direct you to.

Bad spelling and grammar

If spelling and grammar are poor then chances are the message wasn’t sent from a reputable source or company.


If it says “urgent action needed”, “your account has been compromised” or prompts you to act fast by threatening to close an account, you can safely assume it’s phishing—they’re just trying to force you to click out of panic.


If you’re shopping online or just surfing the net and you happen to click on a website you’re unsure of, check the URL for misspelled words or missing periods in the name. These could be indicators of a fraudulent website.

Always look for the little lock icon at the very left of the URL bar. The lock only shows that the connection is encrypted; a fraudulent site can display one too, so it is not proof that the site is legitimate. The safest option is to go to the real website through a search engine instead of an email link. For example, if the company is claiming to be your financial institution, don’t log in through the link provided in the email. Go to the official website to log in—just in case.
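The URL check described above, misspelled words or missing periods in the name, can also be done by a program. This Python example is added here and is not from the original article; the domains in `TRUSTED` and the sample links are constructed, and `check_url` and `edit_distance` are hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites you actually bank or shop with.
TRUSTED = {"examplebank.com", "exampleshop.ca"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike: ...', 'unknown' or 'unparseable'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unparseable"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Assumption: the registered name is the last two labels. Production
    # code should consult the Public Suffix List instead.
    registered = ".".join(host.split(".")[-2:])
    squashed = host.replace(".", "")
    for good in sorted(TRUSTED):
        # Trusted name appears once the periods are ignored: a period was
        # dropped ("wwwexamplebank.com") or the name is only a prefix.
        if good.replace(".", "") in squashed:
            return f"lookalike: missing or moved period ({good})"
        # One or two characters away from a trusted name: a misspelling.
        if edit_distance(registered, good) <= 2:
            return f"lookalike: misspelling of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for link in ("https://www.examplebank.com/login",
                 "https://wwwexamplebank.com/login",
                 "https://examp1ebank.com/login"):
        print(link, "->", check_url(link))
```

A result of "unknown" only means the link resembles nothing on the allowlist; it does not mean the site is safe.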


When a fraudster personalizes the phishing message, it’s called spear-phishing. Remember – this is just another tactic they use to encourage you to click on the link. Just because they’ve used your name doesn’t mean it’s legitimate.


What do I do if I suspect phishing?

Remember one easy rule: just don’t click.

Don’t open attachments from unknown senders. Don’t log in. Avoid clicking on the link. And if you do, don’t fill in your information. If you feel that the message might be legitimate and that you need to act on it, you can always give the company a call to confirm before you click on any links. Better to be safe than sorry.

Ensure you have anti-virus software installed on your computer and that your computer is up to date with its security patches, to protect yourself in the event malicious software is installed on your computer.


What should I do if I become a victim?

If you have given your bank account information, credit card numbers or any information on your identification cards like your passport, driver’s license or your SIN number, call any creditors and your financial institutions immediately.

Stephen Pedersen

Director Information Security

Stephen holds multiple information security designations, an electrical engineering degree, and an MBA degree from the Beedie School of Business, SFU. He is responsible for Information Security including executive leadership, cyber risk management and security operations.
