Phishing: Don't get reeled in

Phishing is a common tactic that cyber criminals use to steal personal and financial information from you. Phishing messages usually take the form of an  email or phone call from a cyber criminal who is pretending to be someone they are not, such as your bank.

Cyber criminals have become increasingly sophisticated in their phishing campaigns.

Don't get reeled in. Get cyber safe, and arm yourself with the following tips so that you can be vigilant about staying cyber secure.


Phishing is when a cybercriminal poses as a legitimate organization to try and lure you into providing sensitive data.

Sometimes they send you an email or call you asking for your banking or credit card numbers, even your usernames and passwords.

This information is then used to access important accounts and can result in identity theft and financial loss.

When this is done over SMS text messages — it’s referred to as smishing.

Here are some of the tactics that might be used by somebody trying to phish or smish you:

They might try to scare you by saying your information has already been compromised or threaten to close your account, fine you or even take legal action if you don’t respond.

On the other end of the spectrum, some messages will make it seem like you’re being rewarded — receiving inheritance from a long-lost relative, winning a contest you’ve never entered, or getting a refund for something you didn’t purchase.

Whether they’re playing good cop or bad cop, there will often be a sense of urgency to phishing requests. To encourage action without thinking, phishers will often give tight deadlines.

No matter the tactic, here are some ways to tell if the messages you receive are actually phishing attempts.

Phishing messages can be impersonal, addressing you as Sir or Madame instead of using your name.

They’re more likely to have spelling and grammar mistakes or unprofessional graphics than legitimate organizations.

They’ll also come from a domain unrelated to the company they’re pretending to be from. So double check the address when you receive an email by hovering over it with your mouse.

Unfortunately, there are fewer clues when it comes to smishing. The best way to determine is a text is fraudulent is just to ask yourself — would this organization be texting me and asking me to take action?

In most cases, the answer is no.

In fact, stopping and asking yourself that question is a great way to protect yourself from all forms of phishing.

If you’re still not sure, get in touch with the organization by using the contact information on their official website. If there’s really a problem, they’ll let you know.

Legitimate organizations don’t usually ask you to verify or provide confidential information in an unsolicited email or text.

Phishing scams are on the rise — but follow these tips and you’ll be sure not to take the bait.

What does phishing look like?

Phishing messages appear to be from a legitimate source but, in reality, they are from cyber criminals who are attempting to trick you into sharing sensitive information. In these messages, cyber criminals frequently use scare tactics, such as threatening to close your accounts or arrest you unless you give them information that you would ordinarily keep secure. If successful, the cyber criminal can use that information to steal your identity or to gain access to your accounts.

For example: Many cyber criminals claim to be from government organizations and threaten potential victims with fines or an arrest if they do not call them back with personal information.

What are the different forms of phishing

Phishing refers to any attempt to steal information, whatever the means. Phishing messages can come in almost any form: Emails, text messages, social media direct messages, or phone calls.

In most cases, cyber criminals’ phishing campaigns are untargeted attempts to solicit personal details by casting as wide a net as possible to get people to respond.

However, there are more specific versions of phishing that are worth knowing about:

a credit card with a fish hook in front and a phone behind, with an emoji of a monkey covering its eyes


Is a phishing attempt through SMS (text message).

a spearfishing gun, with an open envelope marked with a red exclamation mark, and shocked emojis


Is a hyper-targeted phishing attempt in which a message is designed to sound like it’s coming from a source you know personally.

a whale, dialogue windows, eyes and a padlock


Is a phishing attempt aimed at a high-profile target such as a senior executive or other high-ranking official in an organization or government department.

a laptop with a target on its screen, two dialogue windows with eclamation marks, and worried emojis


Involves creating a fake website to get someone to share their personal information

The dangers of falling for a phishing campaign

Falling for a phishing scam can be very costly; you can lose money and your personal identity.
Cyber criminals can use the information that they gather to steal your financial information, open accounts in your name, or steal your identity.

How to protect yourself from phishing campaigns

There is no simple way to ensure you are 100 per cent protected against phishing campaigns.

Phishing campaigns are becoming increasingly elaborate, and the growth of digital platforms, like social media, have given cyber criminals many opportunities to reach victims.

The best way to protect yourself from a phishing campaign is to be extremely cautious any time you receive a message that asks you to reveal personal information – no matter how legitimate that message may appear on first glance.

Whenever possible, you should try to verify requests for information through another means.

For example: If you receive a message from your bank requesting you take immediate action to click on a link or verify some information, simply call your bank branch directly to verify the message’s legitimacy.

Remember, most legitimate organizations will never ask you to reveal information through an email or text message.


Phishing campaigns can be difficult spot. Cyber criminals have become experts at using sophisticated techniques to trick victims into sharing personal or financial information.

But the best way to protect yourself is to learn how to spot a phishing scam before you take the bait.

Related links


Santa got hacked

Santa got hacked

The classic tale of when Santa fell for a phishing scam.

Video: Life Happens Online - Sharing special moments

Video: Life Happens Online - Sharing special moments

Your favourite sitcom, Device Appreciation Time, got a spin-off called Life Happens Online and it’s more 2000s than ever! In this second episode, Ted's sister sends him lots of pictures of his nephew...and a few surprises!

Reporting spam text messages to 7726

Reporting spam text messages to 7726

Spam text messages are common and can be tough to manage. Find out how you can help block spam and unwanted messages from your phone.



Read up on the latest cyber threats and tips for keeping yourself, your family and your business cyber safe.



Visual learner? Check these out for tips and tricks to keep yourself, your family and your business secure from cyber threats.

Become a champion

Become a champion

Become a Get Cyber Safe champion to help improve internet security for yourself, your organization, and all Canadians.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: