Phishing: What’s in a fraudster’s tacklebox?

For this blog post, Get Cyber Safe has partnered with the Canadian Anti‑Fraud Centre (CAFC), who, like us, understands how important cyber security is to businesses as well as individuals. This blog presents their perspective, and we thank them for being a dedicated partner in the cyber security of Canadians.

The Fraud Prevention Month campaign is held each March to inform and educate the public on the importance of protecting yourself from fraud. This year’s theme is “Tricks of the trade: What’s in a fraudster’s toolbox?”. Follow the Canadian Anti‑Fraud Centre (CAFC) on social media and visit the CAFC website for fraud prevention information.

Phishing: What’s in a fraudster’s tacklebox?

Phishing is one of the easiest ways for fraudsters to steal log in credentials, personal information or even infiltrate corporate networks. Fraudsters will use mass email and text message campaigns to send messages that appear to be from recognized institutions, companies or government agencies. These emails may claim that you need to update your account or that money is ready to be deposited.

The CAFC also receives many reports of phishing scam variations where the message contains malicious links or attachments. These emails or texts may appear to be a receipt from a purchase, delivery notification or a fraudulent notice to appear in court. If the link or attachment is clicked, your computer or device can potentially be infected with malware.

Financial institutions are often impersonated by fraudsters in an attempt to make their frauds sound more convincing. Phishing scams often target businesses luring employees to open an attachment or click on a link, which can potentially allow access to the company’s network, lead to ransomware or spear phishing attacks.

What’s in a fraudster’s tacklebox?

Impersonation and spoofing:

  • Fraudsters will pretend to be a familiar business, organization or financial authority requesting something from you or offering you a refund
    • They’re able to change the way their email address and name appear in your inbox

Refunds and E‑transfers:

  • Fraudsters will spark excitement by providing a reason for offering you a refund or e‑transfer, “just click the link and enter your credentials and/or financial information” - don’t let the temptation trick you!

Mass messaging:

  • Phishing messages are sent in mass with the hopes that at least a few will be lucrative - it’s likely you are targeted by one every day

What’s in your tacklebox?


  • Spelling mistakes in communications from someone claiming to be a legitimate organization should be a red flag but because of how many approvals organizational messaging needs to go through, there shouldn’t be any spelling errors


  • The Government of Canada will never send funds by email or text message – this is certain
    • If you get a message like this, report it to the CAFC


  • If you get an unsolicited email or text asking you to click a link or open an attachment – don’t do it!
  • If unsure, research the contact information for the company and reach out directly to them
    • Don’t use the contact information provided in the message
  • Never click on a link or attachment from an unsolicited message
  • Set-up multifactor authentication for all online accounts


  • Businesses should implement cyber security training for new employees

Learn more tips and tricks for protecting yourself.

Anyone who suspects they have been the victim of cybercrime or fraud should report it to their local police and to the Canadian Anti‑Fraud Centre’s online reporting system or by phone at 1‑888‑495‑8501. If not a victim, report it to the CAFC anyway.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: