Phishing is a common tactic where a sender pretends to be a legitimate source to trick the receiver into divulging sensitive information such as usernames, passwords, credit card details, financial details, and more.
Phishing may be attempted through email, text messages (smishing), phone calls (vishing), or social media messages (spear phishing).
The sender might claim to be your financial institution or another company and may urge you to click a link and enter your login information. If you do, the attacker might try and use your information for malicious purposes.
For email, hover over the sender’s name and look closely at the sender’s email address. Is the name spelled wrong? Is it [companyname]@gmail.com, or another generic-looking domain? If so, you could be lookingat a potential phish.
A good rule of thumb is to never click a link in anunexpected email or message and not to download any attachments.
To investigate a link, hover over it and look at the URLthat pops up (but don’t click!). Compare the domain in the email to the real one.
Often, phishing messages will open with something like “Hello customer” or simply “Hello.” A legitimate email will usually address you by name.
Even if your name is in the email and spelled correctly, make sure you check the email for other clear signs of phishing.
Often with phishing, there is urgent or threatening languagethat pressures you to take immediate action. For example, it may urge you to actwithin 24 hours or your account will be shut down or your services suspended.
If you receive a message like this, reach out to the company directly, but not by responding to the message or calling the number it may provide. Contact the company through a known, trusted method.
If you receive a message through a corporate channel, such as your company-provided email address, report the message immediately using your company’s phishing reporting tool (e.g. Outlook’s report phish button). Do not click links or download attachments.
If you clicked a link or entered credentials:
If you are a Cambrian member and you receive a suspicious email claiming to be us, contact the Cambrian Sales and Service team to verify the message’s authenticity at (204) 925-2727.
If you receive an odd email or message from anyone else you suspect might be phishing, delete the message right away. That way you won’t open it later and accidentally click a link, download an attachment, or do anything else it might be requesting.
Enabling multifactor authentication (MFA) is one of the most effective ways to protect your accounts. MFA adds a second layer of security, such as a code sent to your phone or email.
Visit Cambrian’s Cybersecurity Centre to learn more about how to protect yourself online!
We would be happy to discuss your unique situation with you.
Our goal is to make complex topics like this one, simple.
