It seems that criminals using phishing tactics have found a new hotbed – Canada! RSA’s Fraud Quarterly report states that virtually 70 percent of fraud phishing attacks are targeted at Canadians. Although several surveys have demonstrated that phishing in Canada is increasing, most experts are unsure of why the sudden increase in Canada-specific attacks.
On the one hand, it is normal for malicious actors to target users in developed countries with high levels of internet connectivity and technology practice. Yet, this does not fully explain why Canada has experienced such a significant jump in the volume of phishing attacks when compared to other developed countries.
One thing is for sure – phishers are attempting, and in many cases succeeding, to take advantage of both employees and individuals who lack security awareness.
Depending on the level of success of these criminals, these phishing attacks could lead to major cybersecurity incidents if no action is taken. Implementing best practices required to recognize and avoid phishing attacks and malware infiltration should be a part of every Canadian organization’s overall risk prevention strategy. Although there are many ways to protect Canadians from being a victim of a phishing scam, implementing an anti-phishing solution can help organizations stay alert and prepared.
What is phishing?
Phishing is a social engineering attack applied to steal the user’s data, credit card details, login credentials, and other sensitive information. Phishing attacks occur when attackers disguise themselves as reliable parties to dupe the target into opening an instant message, email, or text message.
The following is an example of a phishing attack:
A spoofed email, supposedly from a credible university, is distributed en masse to several faculty members. The email declares that the user’s password is about to expire, and instructions are given to go to the “university’s page” to renew their password within 24 hours. In this case, the link redirects to a phishing website asking the person to login in order to capture their login credentials.
What are the three most common types of phishing?
Most organizations must educate and inform their employees to recognize how to identify some of the most common phishing scams if they are ever going to defend their organizations, their clients, and themselves from data breaches.
This technique relies heavily on a personal touch. Spear phishing refers to malicious emails sent to a specific target. These malicious actors already have the target name, job title, employment location, email address, and other specific information about the target.
This technique relies on a number game. The phisher sends thousands of deceptive generic requests in a bid to steal the person’s login credentials or personal data. These emails have a sense of urgency or threaten the target to do what the attacker wants.
The effectiveness of this type of phishing depends heavily on how the malicious actor can make the email look closely like an official correspondence. For this reason, experts advise to always check the authenticity of a URL before clicking on them.
Smishing and vishing
Telephone replaces emails in vishing and smishing scams. Typically, a vishing scam involves a telephone conversation where an attacker pretends to be a fraud investigator from a bank or credit card company. The person informs the target that their account has been hacked. Similarly, smishing involves the attacker sending out text messages, claiming similar issues.
Stay Calm and Secure Your Teams from COVID-19 Phishing Scams
What is the most common example of phishing in Canada?
According to the Canadian Anti-Fraud Centre, spear phishing has defrauded people of more money than any other scam in Canada. With phishing scams, the malicious actor sends the same email to several people with the expectation that a substantial number of them would be fooled into sending them money.
In fact, last year, it was reported that Canadians searching for love on the internet or other dating sites reportedly lost about $143 million due to romance scams.
How do I report phishing in Canada?
The Canadian Anti-Fraud Centre handles the reports on fraud and identity theft. If you suspect you may be a target of a phishing scam, or if you have received a phishing attempt, you can report it to the Canadian Anti-Fraud Centre through their Fraud Reporting System or their telephone at 1-888-495-8501.
No one deliberately chooses to be a victim of a scam or fraud. While some people ignore or delete suspicious or junk emails, others are not so lucky. Many phishing emails or text messages often appear unprofessional. They are muddled with grammatical errors or request that you click on links with URLs that look strange. Increasingly, however, they are more professional in appearance, lulling us into complacency. You can also report mail/ messages to the organization that it appears to be sent from.
Is cybersecurity an in-demand career in Canada?
The urgent need for cybersecurity professionals comes as no surprise. ICTC research shows that as many as 100,000 cyber professionals will be needed by 2022.
However, regardless of the high demand, there is a serious talent crunch in Canada when it comes to cybersecurity experts. Qualified cybersecurity professionals are needed to ensure phishing and email safety.
EC-Council Country Manager – Canada, Heather MacLean emphasized the importance of cybersecurity when she stated that: “Canada is a digital society. Everything we do can be tied to the internet. It is essential to inform our employees about the important role they play in stopping cybercrime. Thus, we must provide critical awareness tools to arm them with the right knowledge.”
Get trained with EC-Council
EC-Council Canada offers a wide spectrum of certifications for every phase of a cybersecurity professional’s career path. To learn more about our industry-recognized and in-demand hands-on practical certifications, click here