Signs of a phishing campaign: How to keep yourself safe

March 11, 2020

Spotting a phishing attempt can be difficult. Cyber criminals are skilled at grabbing our attention and manipulating their victims. With phishing campaigns, they often use scare tactics to coerce victims into giving up personal information."a person looking puzzled, with a masked robber all in black sneaking away with a bag of money, red flags and hand-shaped cursors"

That’s why you need to arm yourself with the best defence against cyber attacks: Information. If you can recognize the signs of a phishing campaign, you’ll be better equipped to protect your personal information from would-be cyber scammers.

Here are some keys to spotting a phishing campaign.

The message asks you to share personal information

Anytime you get an email, text, or phone call asking you to share personal information, alarm bells should be going off in your head.

Would a legitimate organization ask you to share information in this way?

In most cases, the answer is “no”.

But sometimes, it’s still difficult to tell. Cyber criminals have become skilled at crafting phishing messages that are designed to appear legitimate.

It doesn’t hurt to be cautious. If you’re suspicious about a message, call the person or organization who supposedly sent the information. Always be sure to use the trusted contact information. If you’re contacting your bank, use the phone number that is posted on the bank’s official website.

Remember, most legitimate organizations will never ask you to share any personal information via email or text. Chances are, these requests for your personal information are phishing attempts.

The message involves a threat

Cyber criminals need something to spur on victims to take action. After all, a message asking you to reveal personal information isn’t likely to yield results for a criminal if it only comes with a “please” and “thank you”.

That’s why cyber criminals rely on threats to scare you into doing what they want.

For example: A common phishing campaign involves cyber criminals who call you and claim to be from a government organization. They tell you to send personal information, such as a social insurance number. They threaten you with consequences such as being fined or arrested.

The natural inclination for most victims is to be afraid of what might happen if they don’t cooperate with the request. That’s why threats are so common in phishing campaigns.

If you receive a message that claims to be legitimate but involves a significant threat, stop and think before panicking. It’s likely a cyber criminal attempting to scare you into providing what they want.

The sender is suspicious

Phishing messages can be difficult to spot. Cyber criminals are experts at crafting messages that closely resemble something that a trusted person or organization say or send

But there are some red flags of a phishing attempt.

For example, phishing emails frequently come from an email address that doesn’t match the organization that the sender is claiming to be from.

With suspicious phone calls or text messages, a quick internet search of the sender’s phone number can reveal whether it is legitimate or not.

There’s a suspicious looking link

Tricking victims into clicking on a suspicious link is a time-honoured tactic for cyber criminals.

It usually goes something like this: Cyber criminals send you a message that includes a link for you to click. This link routes you to a spoofed website, which is a closely recreated version of a legitimate website, to steal your personal information.

Or something like that (cyber criminals have a ton of variations). The common denominator is getting you to click on the link.

There are some telltale signs of a malicious link:

The URL of the link doesn’t match the legitimate organization’s website URL.
Hovering over the link reveals the URL it’s going to send you to. You should check the URL to verify whether it matches with the URL of the organization’s legitimate website.
Something about the message doesn’t quite look right.
Phishing messages tend to have incorrect grammar or overuse punctuation such as exclamation marks!!!!! The message may have poorly designed templates or logos that just look off. Legitimate businesses and government organizations would never send messages like that. If something looks off, it’s likely a phishing attempt.


There’s no fool proof way to spot a phishing attempt. But there are tactics you can use to protect yourself. The best one? Common sense. If you’re always looking out for something that doesn’t look right, you’ll be more likely to spot a cyber campaign.

And remember: If something looks suspicious or sounds too good to be true, it probably is.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: