How to Identify and Avoid Phishing

Phishing is a type of fraud that uses deceptive e-mails, websites, text messages and/or telephone calls to gather personal, financial and confidential information for fraudulent purposes and/or unauthorized access.

For a quick reference guide on phishing, view the For Your Information sheet titled: Phishing – Don’t Get Hooked! (107 KB)

Phishing campaigns are designed to look like a legitimate email, message or website from a legitimate business including a financial institution or utility service. As a result, you may be tricked into revealing sensitive information such as your Government-issued username and password, social insurance number (SIN), credit card and bank account numbers.

The impacts of phishing within a Government context may include:

  • Unauthorized access to your Government Email account
  • Thousands of spam emails being sent from your Government Email account
  • Government email being blocked

What does Phishing look like?

Phishing campaigns are becoming increasingly difficult to identify as phishers are getting better at impersonating websites we know and trust. Phishing will typically start with you receiving an email or text message that conveys a sense of urgency, demanding an immediate response to an issue.

Sample content found in fraudulent email messages includes:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity…”
  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information…”
  • “You have won a prize, contest, etc. please respond…”
  • “Someone you know needs a transfer of funds immediately because they are stranded…”

Examples include emails that provide links to websites that look identical to those of legitimate service providers, including financial institutions, utility services, personal services, etc. These sites may look real, but a closer look may reveal website addresses that contain misspelled words or do not appear related to the name of the service provider:

Correct Address      Example of a Phishing Address

www.royalbank.com    www.bankk.1234.com
www.facebook.com     www.facebokk.com
www.visa.com         www.7241.vsa.pol

How to Avoid Phishing

Being cautious and educating yourself is the best way to avoid phishing. Some helpful tips include:

  • Be aware of the dangers of phishing
  • Never disclose your Government-issued username and password
  • Never use your Government-issued email address for personal use
  • Only click on email links and attachments from known, trusted and verified sources
  • Verify the authenticity of the link/website address before you select it. You can do this by:
    1. Moving your mouse over the link to reveal the actual address

      Fig 1. Example of a mouse-over on a link revealing a fraudulent web address

    2. Checking the spelling and other characteristics in the address
    3. Using your search engine to research an unfamiliar website
    4. Reviewing the FYI – Safe Web Browsing
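
The first two link checks above (revealing the actual address behind a link, then checking its spelling) can also be run automatically over an HTML message. The Python below is an added example, not part of the original page; the trusted-domain list, the 0.8 similarity cutoff and the sample message are assumptions, built from the address table earlier on this page.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: the trusted-domain list and the 0.8 spelling cutoff.
TRUSTED = {"royalbank.com", "facebook.com", "visa.com"}

def host_of(value):
    """Hostname of a URL-like string, or '' when it is not an address."""
    if " " in value or "." not in value:
        return ""
    return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()

def lookalike(host):
    """Trusted domain that an untrusted host appears to imitate, else None."""
    if not any(host == d or host.endswith("." + d) for d in TRUSTED):
        for domain in sorted(TRUSTED):
            for label in host.split("."):
                if SequenceMatcher(None, label, domain.split(".")[0]).ratio() >= 0.8:
                    return domain

class LinkAudit(HTMLParser):  # compares each link's text with its real target
    def __init__(self):
        super().__init__()
        self.findings, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = (dict(attrs).get("href") or "").strip(), ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            target, shown, why = host_of(self.href), host_of(self.text.strip()), []
            if shown and shown != target:  # what hovering over the link reveals
                why.append(f"text shows {shown} but link opens {target}")
            if lookalike(target):  # the spelling check
                why.append(f"{target} resembles {lookalike(target)}")
            self.findings += [(self.href, why)] if why else []
            self.href = None

def check_links(html):  # returns (href, reasons) for links needing a closer look
    audit = LinkAudit()
    audit.feed(html)
    return audit.findings

# Constructed sample message using the addresses from the table on this page.
SAMPLE = ('<a href="http://www.bankk.1234.com/login">www.royalbank.com</a>'
          '<a href="http://www.facebokk.com/">Click here</a>'
          '<a href="https://www.visa.com/">www.visa.com</a>')
```

A displayed address that differs from the real target only by a www. prefix is also reported, so treat each finding as a prompt for the manual checks rather than a verdict.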

What to do if you suspect that you have received a phishing email to your Government email account

  1. Do not respond, click any links or provide any information.
  2. Report your suspicion by phoning the OCIO IT Service Desk immediately: 709-729-HELP (4357) or emailing servicedesk@gov.nl.ca.
  3. Do not forward the message around as a warning to the entire workgroup, division or department. This expands the number of Email accounts potentially affected.