man receiving phishing text message

March Is Fraud Awareness Month; Let’s Review Phishing

SMS+Phishing= Smishing; The Latest Identity Theft Scheme

We recently wrote about the phishing attempts branded to look like emails from the Canada Revenue Agency on our blog.  That post brought to mind recent smishing attempts on our own cell phones. Smishing is phishing, targeted to cell phone users. The Canadian Anti-Fraud Centre says the name comes from joining SMS and phishing.

Often, but not always, smishing messages will come from a “5000” number, not an actual phone number, usually indicating that the SMS message was sent via email to the cell phone, and not sent from another cell phone.

We’ve mentioned before that while hackers go after large corporations looking for valuable payment data, various online criminals target individuals, aiming to recover some of your personal info and start the process of identity theft, or other nefarious intentions.

Both phishing and smishing attempts are becoming increasingly sophisticated. We have had some clients request our help in assessing the validity of some phishing emails received.

How To Identify A Phishing Email Or Smishing Text

Question: Do you know the sender of the message?
Answer NO: Do not click any links.
Answer is YES: Consider that the sender’s account may be compromised. Proceed with caution.

Question: Does the message appear to be from a company you do business with?

Answer is NO: Do not reply or continue with caution.

Answer is YES: Are they addressing you by name or generically? Are they asking you for personal information, which they have previously stated in policies they would not do? If so, do not reply.

If you are unsure, look up the publicly listed telephone number for the company and call them to verify the message came from them.

You can also check any links in the email for validity. Hover your cursor over the link and the url address will appear. Does it look legitimate or does it look like it will take you to a different web site? If so, do not click the link.

Question: Does the message have odd and/or frequent grammatical errors or syntax errors?

Answer is NO: Continue with caution.

Answer is YES: Do not reply.

Question: Are there any attachments to the message?

Answer is NO: Continue with caution.

Answer is YES: If the attachment is an executable file type (a file with the extension .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php) do not click on the attachment.

Contact the sender under separate email cover to verify its contents. If not from sender, delete the email and empty your deleted items.

Question: Does the message request any personal information?

Answer is NO: Continue with caution.

Answer is YES: Do not reply.

Recovery is expensive. Prevention is cheap.

Always stop to critically assess any email or text that seems suspicious. Often, online criminals will try to create a sense of urgency to get you to open infected attachments or provide personal information in a panicked state. Stop and take time to think the message through, then decide if a response or deletion is appropriate.

Make it a habit to never give out personal information in a phone call you did not place yourself to a known number, or via an unsolicited incoming message of any kind.

Ways to report fraud

If you suspect you have been fooled by a malicious message, and are concerned, you can contact the Canadian Anti-Fraud Centre.

Computer Support Services in Toronto ON

Do you suspect you have clicked on a phishing email or are infected with a computer virus?  We offer remote and on site computer services, including computer clean ups in Toronto and the GTA.  We also offer network security reviews and recommendations, and network management for small business and non profit organizations.