1. Scare Tactics
- CAPITAL LETTERS
- Sender is trying to scare you into action, to clicking on a link eg: You did not pay a parking ticket, CRA is after you for money, your credit card company needs more information, your account is going to be closed.
These are all scare tactics. You need to Stop, Think, Rationalize; does it make sense?
- Where were you to get a parking ticket and how did they know my email address.
- Why would the credit card company be contacting me asking me for my information, don’t they have that on record?
- CRA does not email notifications, they send it via mail
- You would get an official letter if there was an issue with your account.
- Legitimate businesses will not phone you to verify information, they have your information.
2. Verify the email address
Sometimes a fraudulent email will look like a legitimate email address but if you look closely it will be off slightly.
Eg: Real: info@biggarcu.ca vs Fake: info@B1ggarcu.ca
3. Attachments
Never click on an attachment if you were not expecting it or it is from an unknown source. The electronic message may have malware attached to the link or take you to a mod website that looks like a legitimate one.
4. Links and URLs
You can double check a link or URL in an electronic message by hovering over it with your mouse. You will get a popup that displays exactly where the link is going to take you. If this does not make sense, don’t click on it.
Never click on a link in an email to access your account if you were not expecting it or initiated it; iTunes, Banking, Credit Card, SGI, Facebook etc.
5. Grammar, Spelling & Structure
The structure of an electronic message can be a sign that it may be phishing electronic message. An electronic message with spelling mistakes, missing tenses, transposed words, or over generalities, should be a red flag. You will rarely send an electronic message without the inclusion of a name, company, or specific subject, especially in a business context. If you spot any of these grammatical or structural errors, don’t disregard them, they may be indicators of a phishing attempt.
6. Personal Information Requests
A legitimate financial institution or credit card company, will not contact you to ask for your personal information, especially your login information. From time to time you will be contacted to update your personal information such as an address or contact information if we are having issues getting ahold of you or your statements are coming back undeliverable. However we will not ask you for information we already have, such as your card number, date of birth or SIN. If we are missing that information we would ask you to contact us.