What phishing looks like in 2021

A lot has changed over the past year. Some of those changes have been pretty hard to miss. Others may have been less obvious, like the type and frequency of cyber scams. a person looks at a laptop with a frustrated look, a whale, a lock, dialogue windows and an exclamation mark

Phishing messages are more common today than ever before. Since the start of the COVID-19 pandemic, Statistics Canada determined that more than one in three Canadians have received a phishing attack. It’s important that we recognize these fraudulent messages when we receive them so we don’t lose time, money or even our identities to scammers.

Here’s what you need to know about phishing in 2021.

What are the topics of these phishing messages?

Phishers use different schemes to trick you, like sending you suspicious links to reset your streaming password or tricking you into thinking there were issues with your tax return. In 2021, cyber criminals are also exploiting the COVID-19 pandemic. These scams can range from texts or emails about vaccines, the Canada Recovery Benefit (CRB) or the Canada Emergency Student Benefit (CESB) payments, unofficial contact tracing apps, COVID-19 tests or vaccines for sale, phony COVID-19 vaccine appointments, and requests for money to support COVID-19 patients or research.

Basically, if there’s a topic someone is worrying about related to COVID-19, cyber criminals have sadly found a way to write a phishing message about it.

Scammers are still up to their old scams, and you should be careful with every message you receive. But you should be especially cautious with messages related to the pandemic. You can find a list of known COVID-19 scams provided by the Canadian Anti-Fraud Centre here.

What do these scams look like?

At first glance, phishing messages look like any other email or text message. That’s because cyber criminals try to make them look legitimate. Cyber criminals often use familiar designs, email addresses and text. This helps to convince their target that the message is from a trustworthy source, like a bank, healthcare organization, government department or even a friend.

Some scams are even more convincing than others, like spear phishing and whaling scams. Cyber criminals use spear-phishing tactics to target specific individuals, organizations or businesses. They use personal information, like the recipient’s name or address, and other details, like their interests or friends, to convince the recipient that the email is legitimate. Whaling scams do the same, but they target high-profile individuals like CEOs or government officials.

Because spear-phishing scams can be hyper-targeted to you, it’s important to exercise caution! You should verify messages before opening them and always review your messages for signs of phishing by using the tips below.

How do I spot a phishing scam?

No matter how real it looks, take every message you get with a grain of salt — especially if it’s one you weren’t expecting to receive. You should always keep an eye out for the red flags of a phishing message:

  • language that threatens you or pressures you to act now
  • requests for personal information or for you to “verify” your password
  • unexpected good luck like winning a contest or getting a vaccine appointment you didn’t register for
  • spelling or grammar errors, design flaws, and links or email addresses that don’t seem right

If you receive a message you’re not 100% sure about:

  • don’t click the links. If you want more information, look up the organization in your browser instead, so you know you’re getting information directly from the official source.
  • don’t download files you weren’t expecting. Legitimate organizations don’t usually send you files, forms or ZIP folders without you asking for them first.
  • reach out to the sender by using the contact information provided on their official website or social media channels — not by replying or clicking links on the message itself.

When it comes to spear phishing and whaling, phishing scams can be even harder to spot. This is especially true if the sender is pretending to be someone you know. If a message asks for sensitive information or asks you to click a link or download a file, pick up the phone and give the “sender” a call to confirm. An awkward phone call is a whole lot easier to deal with than the consequences of a phishing scam.


The phishing messages cyber criminals are using to trick you are changing to reflect the issues Canadians care most about today. But the things you need to look out for to spot them aren’t changing with them. Make sure you know how to spot a phishing scam so you don’t get reeled in.


Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: