We all have a role to play in the fight against phishing
We rely on email messages every day. For this reason, we trust that they are legitimate. Unfortunately, criminals try to abuse that trust by sending fake emails that “spoof” legitimate senders. These messages lure you to open malicious attachments or click through to fraudulent websites. By doing so, you may unknowingly reveal login details or other sensitive information. This type of scam is commonly called “phishing.”
To give you a sense of scale, Public Safety Canada estimates that cyber criminals send out 156 million phishing emails on a daily basis. From those emails, fraudsters typically net 800,000 victims, resulting in credit card fraud, identity theft and financial loss. A Norton Report by Symantec further estimates that consumer cybercrime cost Canadians $3-billion (US) in 2013.
Organizations and government agencies are doing their part to help protect Canadians against these scams. Public Safety Canada leads awareness campaigns such as Get Cyber Safe, teaching Canadians to identify and defend against cyber fraud. The Office of the Privacy Commissioner of Canada collaborates with industry associations such as the London Action Plan (LAP) to brief the international Organisation for Economic Co-operation and Development (OECD) on threats posed by phishing. For its part, PayPal Canada identifies fraudulent emails and phishing websites, and works closely with law enforcement to stop the criminals behind these campaigns. PayPal also leads the development of technical security efforts to block spoofed emails from being delivered to our users.
Thanks to these efforts, millions of spoofed emails are blocked, phishing websites are shut down within hours of being detected, and Canadians are increasingly protected from online criminals. However, the more aggressively we fight phishing, the harder fraudsters try to trick us. This is why it is crucial that all Canadians have the ability to identify spoofed emails and phishing scams.
Spot spoof emails
Spoof emails look similar to genuine emails from businesses you are already familiar with. Fraudsters mimic the sending addresses so, at a glance, they appear to be from a trusted source, and the content even appears to mimic the look of the original company’s website. So, how do you spot a spoof?
Fraudsters don’t want you to think – they want you to take action. The first sign of trouble is an urgent subject line. If you receive an email with a subject line similar to, “Urgent - Your Account is Restricted,” review the email closely to spot more subtle clues. For example, fraudulent emails often contain spelling and grammatical errors. If you’re suspicious, contact the sender via phone or direct customer service to confirm.
If you receive an email from someone claiming to be PayPal, you may notice that your full name is missing. Official PayPal emails always include your full name. PayPal never requests your password or financial information in an email, and we’ll never ask you to download an unexpected attachment. If you need to update account information or financial details, even in response to an email notice, always log into PayPal’s website directly.
Recognize phishing scams
Spoofed email messages phishing for login details or other sensitive information often include malicious links to fake websites. Before clicking, carefully consider whether the URL matches that of the sender, or whether it is unusually long, starts with random numbers or otherwise looks suspicious.
Fake URLs trick you into visiting phishing websites designed to look like login pages (to steal your username and password) or pages that request sensitive personal data (to steal your identify or financial information).To stay safe, avoid clicking on links in emails. If you find yourself on a suspicious site, look at the address bar in your browser and carefully consider the URL.
Before logging into a PayPal site, take a moment to double-check that the URL starts with “https” (the “s” indicates secure). Most browsers display a “lock icon” next to the URL and there should be a colour-coded address bar, often green, indicating that the URL is secured.
Protect yourself
As we live our lives in an increasingly digital environment, it is more important than ever to understand good online safety habits. While technology protects you to a certain extent, ultimately you are the last line of defence. Be vigilant, adhere to best practices, and remember that if something seems “phishy,” it probably is. It’s better to verify your suspicions than to fall prey to the criminals.

J. Trent Adams, Senior Internet Security Advisor

Stay up to date

Sign up to receive the latest news to your email.