What to do about a suspicious-looking message

  • Transcript

    I just received a suspicious-looking message. What do I do?

    Receiving a suspicious message can feel overwhelming. This is especially true when it seems to be from a legitimate organization you regularly deal with, like your bank. It can be hard to tell the difference between a genuine message and a scam message — and cyber criminals are counting on that. Cyber criminals often use fear or intimidation to trick you into clicking something malicious.

    To make things easier, we created this simple flow chart you can reference in case you’re not sure whether a message is legitimate or a scam!

    (Example of a phishing email)

    New message

    From: acc0unts@youurbank.ca

    Subject: Account Rest

    Body of email: (bank logo)

    Attention customer

    Your online banking account may is compromised.

    Click on this link to reset your account immediately. If you don not reset your account within a 24hr time period, your account will be locked.

    Do not attempt to access your account by any means other than the link above as it may already be compromised.

    Regards,

    Account team (end of example)

    Do you have an account with this bank?

    • Yes: go to 1.
    • No: It's a phishing or scam message. Delete it.

    1. Does the sender's email address match who they say they are?

    For example, is the email from the company's email domain? Is the email address spelled correctly? (In this example, it is from "acc0unts@youurbank.ca".)

    • Yes: go to 2.
    • No: It's a phishing or scam message. Delete it.

    2. Does the message have spelling mistakes or blurry logos and images?

    (In this example, the "bank" logo has strange colouring, and the email contains the typos "may is" instead of "may be" and "don not" instead of "do not".)

    • Yes: Suspicious. Reach out to your bank using the contact info on their official website.
    • No: go to 3.

    3. Does it use urgent or threatening language?

    For example, does it threaten legal action or to close your account if you don't act now? (In this example, the email contains the words "immediately" and limits action "within a 24hr time period".)

    • Yes: Suspicious. Reach out to your bank using the contact info on their official website.
    • No: go to 4.

    4. Is it making odd requests?

    For example, is it asking for personal information or demanding payment? (In this example, the email states: "Do not attempt to access your account by any means other than the link above as it may already be compromised.")

    • Yes: Suspicious. Reach out to your bank using the contact info on their official website.
    • No: It is probably legitimate, but you should avoid clicking on links in the message. Instead, search for the bank's official website through your browser.

    If you're ever unsure about a message, you should contact your bank using the contact information on their official website.
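
The flow chart above, written out as a small Python triage function. This is an added example, not part of the original infographic: the official domain `yourbank.ca`, the phrase lists and the function names are assumptions, and step 2 (typos, blurry logos) is passed in as the reader's own judgement.

```python
import re

OFFICIAL_DOMAIN = "yourbank.ca"  # assumption: read from the bank's official website

# Illustrative phrase lists, drawn from the flow chart's own examples.
URGENT = re.compile(r"immediately|within a \d+ ?(hr|hour)|legal action|will be (locked|closed)", re.I)
ODD = re.compile(r"other than the link|personal information|payment", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_problems(address, official=OFFICIAL_DOMAIN):
    """Step 1: list reasons the sender address does not match the bank."""
    local, _, domain = address.strip().lower().rpartition("@")
    problems = []
    if domain != official:
        near = edit_distance(domain, official) <= 2
        problems.append("lookalike domain" if near else "foreign domain")
    if re.search(r"[a-z]\d+[a-z]", local):  # heuristic, e.g. "acc0unts"
        problems.append("digit swapped into a word")
    return problems

def triage(sender, body, has_account, sloppy=False):
    """Walk the flow chart; `sloppy` is the reader's own answer to step 2."""
    if not has_account:
        return "delete"
    if sender_problems(sender):
        return "delete"
    if sloppy or URGENT.search(body) or ODD.search(body):
        return "suspicious: contact the bank via its official website"
    return "probably legitimate: still avoid the links"

# Body text of the example email in the transcript above.
EXAMPLE_BODY = ("Click on this link to reset your account immediately. "
                "If you don not reset your account within a 24hr time period, "
                "your account will be locked.")

if __name__ == "__main__":
    print(sender_problems("acc0unts@youurbank.ca"))
    print(triage("acc0unts@youurbank.ca", EXAMPLE_BODY, has_account=True))
```
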


    Catalogue number: D96-62/2021E-PDF | ISBN 978-0-660-39247-9
