Back in the day, hearing the term “phishing email” might conjure up an image of a desperate prince promising riches in exchange for a wire transfer and a little faith. While those royal scams still make the rounds, today’s cybercriminals have traded their crowns for keyboards—and their tactics have become far more sophisticated.
Did you know there are seven different types of phishing scams? Let’s look at the different types and ways you can prevent them from attacking your systems.
- Email Phishing: This is the most common type of phishing. Emails will often come from what appears to be a legitimate service, such as your bank, an online service you subscribe to, or even the government. They will ask you to click a link to verify your information. So how do you determine whether or not these are real and prevent unauthorized access to your information?
  - Check the email address. This is usually the easiest way to confirm if it’s real. How often does your bank email you from TDsecurity@gmail.com? Likely never.
  - Hover over the link they want you to click. Where does the link actually send you?
  - Still not sure if it’s real? Give the company a call and verify. Search for the number on your own. Do not rely on the phone number or the email address given in the message.
- Vishing (Voice Phishing): We all know these calls. Nowadays, our smartphones do a better job of notifying us of potential scam calls. These are calls from bad actors pretending to be from a business you know, such as your bank, asking you to verify your account information. So how do you prevent these?
  - If someone is calling you from a legitimate business, they rarely ask you to verify your personal or account information, as they would already have it in front of them.
  - If you’re not sure, ask them for verification, such as an employee ID and a phone number, and let them know you will contact them back. If it’s a service like your financial institution, they will have a generic toll-free number that you can easily search for or find on the back of your card.
  - When in doubt, let it go to voicemail. If it is a legitimate business, they will typically leave a voicemail and let you call them back. Be mindful of automated voicemails.
- Spear Phishing: These are more targeted emails aimed at an individual or group within an organization. They are likely to be more personalized to make them more believable. Now these are getting trickier. How do we tell these apart?
  - Who is the email coming from? Is it from HR asking you to verify your birthday? Or maybe senior management is asking you to clarify information? Think about how frequently you receive emails from these people, as well as the information they are asking for. If it’s something out of the ordinary, give them a call and make sure the request is legitimate.
  - If you don’t recognize the email address, forward it to your IT department to verify before clicking on anything or providing any information.
- Social Media Phishing: Remember seeing those ads on Facebook that ask you “when will you get married?” If you clicked it, it asked you for all this personal information in order to determine the answer. That’s right, you went phishing and likely caught a malware bug. So, does this mean I shouldn’t play these quizzes on social media?
  - It’s not just the little quizzes, but also the ads for businesses that might seem real. The best approach is: don’t click if you don’t know. If you see a site that piques your interest on social media, go outside your social media to look it up and check it out.
  - As fun as those little quizzes can seem, there is a good chance that they are slowly collecting information on you. Our advice: just say no! Facebook is not going to tell you who your soulmate is, when you’re getting married, or how many children you are going to have.
- Smishing (SMS Phishing): That’s right, text messages. “Hello, this is the fraud department from your bank, please click the link attached to verify your transactions.”
  - What is the likelihood that a legitimate business would text you, tell you to click a link, and then make you verify your information? Very slim. Again, if you accidentally click the link and it asks you to verify your information, just don’t. Pick up the phone and call the business. If you confirm it’s a scam, you can report it as spam via your smartphone.
- Pharming: This is an IT nightmare. This type of phishing means someone has compromised the system and can send you to a fake website even though you typed in the real address. So how will you know?
  - Always remain diligent when you are on any website. Sometimes the logo has been altered, or the name has been changed slightly. There are signs, but you may have to really look for them. If this happens on your personal computer, you will likely need to go to a computer expert to get your computer cleaned. If this happens on your work computer, let your IT department and management know immediately, as you may not be the only one affected.
- Whaling: This type of phishing is targeted at high-profile individuals and senior management. How do you get people to not click something they shouldn’t?
  - It’s all about diligent cyber training. They have probably already experienced something like this before and are more aware than you may think!
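The two email-phishing checks above (look at the real sender address, look at where a link really goes) can be automated as a simple mail-filter heuristic. This is an added example, not code from the original post; the free-webmail domain list and the function names are assumptions chosen for illustration, and it uses only the Python standard library.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of consumer webmail domains a bank or agency would not send from.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def check_sender(from_header):
    """'Check the email address': flag a From: whose domain is consumer webmail."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["From header has no usable address"]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in FREE_MAIL_DOMAINS:
        return [f"sender domain {domain} is a free webmail service"]
    return []


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.pairs, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body):
    """'Hover over the link': flag anchors whose displayed host differs from the real one."""
    parser = _Anchors()
    parser.feed(html_body)
    findings = []
    for href, text in parser.pairs:
        real_host = (urlparse(href).hostname or "").lower()
        # Only text that looks like a URL or bare domain makes a claim about the host.
        shown = text if "://" in text else "http://" + text
        shown_host = "" if " " in text else (urlparse(shown).hostname or "").lower()
        if "." in shown_host and shown_host != real_host:
            findings.append(f"link shows {shown_host} but goes to {real_host}")
    return findings
```

Running both checks over an inbound message and routing anything with findings to a quarantine or review queue gives users the same "does the address and link match?" signal the post recommends, before they ever click.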
What do you do in general to avoid these phishing calls and emails? The answer is diligence. Take your time to read before you click. If something doesn’t seem right, investigate it more. Your organization should already have cyber training in place. Training in the workplace is crucial to ensure that people don’t get complacent.
Want to know more about cyber training opportunities for our members? Reach out to our Risk Team for more information: risk@rmainsurance.com.