What is Phishing?

Posted by: FernieChamber
Thursday, August 31, 2017

Recently at the Chamber, we were targeted in a Spear Phishing attempt. This attempt had us replying to emails and confused. The mail looked like it was coming from a co-worker, but when we looked closer, the email was not a chamber email. We contacted our friends at Isosceles Business Systems to understand what was happening, and that is where we learned about Spear Phishing, the grown-up, more sophisticated version of Phishing. To better protect us, we asked Isosceles to give us more details on email scams and, more importantly, how to avoid getting scammed.

What is Phishing? 

Cyber Criminals use Social Engineering to convince you to install malicious software, or hand over your personal information under false pretenses.  They might email you, call you on the phone, or convince you to download something off of a website.
These types of scams are designed to steal money or personal information, like SINs, Credit Card #s, phone numbers, and addresses.
What does it look like?
Here is an example of what a phishing email will look like: 
Note that there is typically poor spelling, links to different websites, or attached documents.
Emails that Isosceles has seen most recently involve UPS or Purolator requesting more information about a package, with a .ZIP attachment that has the invoice or waybill.  Once the file is opened, the file inside is actually a loaded program that installs malicious software on the user’s computer.
Another phishing attempt is called Spear Phishing.  This is a targeted attempt to steal money or personal information.  This is a common attempt if your email address is publicly listed.  Spear phishing is a targeted form of phishing in which fraudulent emails target specific organizations in an effort to gain access to confidential information. Its tactics include impersonation, enticement and techniques for bypassing access controls like email filters and antivirus. The objectives of spear phishing and phishing are ultimately the same: to trick a target into opening an attachment or clicking on a malicious embedded link, or even to get the user to transfer money to the attacker.
Phishing also comes in the form of phone calls.  Someone might call and offer to help solve computer problems, or sell you a software license.  Neither Microsoft nor Microsoft partners will make unsolicited phone calls to charge you for computer security or software fixes.
Once they’ve gained your trust, cybercriminals might ask for your username and password, or ask you to go to a website to install software that will let them access your computer to fix it.  Once you do this, your computer and your personal information are vulnerable.
How to avoid getting scammed by Phishing:
  • If you are a business, use a proper email service, like Microsoft Exchange, instead of free solutions like Telus webmail, Hotmail, or personal Gmail.  Free solutions typically don’t provide any filtering, and let spam or phishing attempts through to your employees.
  • Treat all unsolicited phone calls with skepticism.  Do not provide any personal information over the phone.
  • If you receive an email with an attachment, check the file extension.  If it’s a .zip or .rar file, don’t open the email attachment unless you’ve confirmed the file with the sender manually.
  • Don’t trust the sender name.  This can be easily mimicked, or “spoofed”, by a malicious sender.  Even if it says “Apple Inc”, or a name from someone on your contacts list, if the message is strange, don’t open it, and especially don’t forward it to a colleague or friend.
  • Don’t reply to chain emails, spam email, or phishing email.  Just delete the email, or use Outlook’s built-in filtering of spam email.
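
The attachment and sender-name checks from the list above can also be run automatically on incoming mail. The script below is an added example, not part of the original post or of Isosceles' advice; the domain `chamber.example`, the staff names and the sample message are all constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "chamber.example"          # assumption: your organization's mail domain
STAFF_NAMES = {"jane doe", "sam lee"}   # assumption: display names of real co-workers
RISKY_EXTENSIONS = (".zip", ".rar")     # archive types the list says to confirm first

# Constructed sample: a co-worker's name on an outside address, with a .ZIP "waybill".
SAMPLE = """\
From: "Jane Doe" <jane.doe@mail-chamber.example.net>
To: office@chamber.example
Subject: Waybill for your package
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached waybill.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Waybill.ZIP"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def phishing_flags(raw_message: str) -> list[str]:
    """Return warnings for one raw email message (headers plus body)."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    # Check 1: the display name is a co-worker's, but the address is off-domain.
    name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    if name.strip().lower() in STAFF_NAMES and domain != ORG_DOMAIN:
        flags.append(f"display name '{name}' uses outside address {address}")
    # Check 2: archive attachments, matched case-insensitively on the file name.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if filename.lower().endswith(RISKY_EXTENSIONS):
            flags.append(f"archive attachment {filename}: confirm with sender first")
    return flags

if __name__ == "__main__":
    for warning in phishing_flags(SAMPLE):
        print("WARNING:", warning)
```

A message that passes both checks is not proven safe; the script only catches the two patterns described in the list.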
