Phishing scams and how to avoid them

If you’re getting texts from seemingly legitimate sources asking you for personal information, it could be a phishing attempt. Phishing scams are increasingly common. Protect yourself by learning how to spot phishing attempts and other variations of this scam.

On this page we answer

What is phishing?

Phishing is when someone contacts you via email or text to lure you into sharing personal information. They may pretend to be with a legitimate business like a parcel delivery service or a government department. The word phishing is just a variation of fishing and refers to scammers luring victims using bait.

Phishing can happen anywhere. You could be contacted by email, mobile phone or land line telephone. They may ask you to download an attachment or click on a link to get to your personal information.

Scammers move quickly to come up with new ways to convince you to share information. They will use current events and trends in their scams. A scam could include sending you a text message with a link. The link could take you to a website that looks legitimate. The site may ask you to input personal details. Remember that government agencies would not normally contact you by text message. Do not click on links in text messages.

Examples of phishing scams can include:

  • License plate sticker refund scam

  • Canada Revenue Agency scam

  • Package delivery scam

What do fraudsters do with your personal information?

If you are a victim of phishing, scammers may use information about you for identity theft. Your personal details could be used by scammers in many ways. They could access your bank account or open a new one. They may also apply for a loan or new credit cards under your name. They could also try to get government benefits using your identity or they may even attempt to fraudulently sell your home.

Keep your financial information safe to avoid financial fraud and identity theft:

Checklist to protect your financial information.

What are the types of phishing scams?

Phishing can happen in many formats, including:

  • Email phishing: when you receive an email impersonating a legitimate source. Your email is the most popular place for scammers to send phishing attempts.
  • Spear phishing: very targeted phishing — sometimes it happens after a successful preliminary email phishing attempt. Spear phishing emails may have your name and appear to be from a sender who you know. They will try to convince you to send money to someone you think is a legitimate business or person. Or the attempt could seem like it’s from your workplace asking you to click on a link to get more digital file storage space.
  • Spoofing: part of phishing expeditions is to convince you that the person contacting you is real. Spoofing happens when the sender’s email address looks like the actual email address of the person or business they are imitating.
  • Whaling: for scammers, a whale is a “big fish” in a phishingPhishing A type of fraud where a stranger poses as a trustworthy person or business to get your private information, such as passwords or credit card numbers. It is often done using email or an instant message.+ read full definition scheme. Senior executives in a company could be targeted in a whaling phishing attack.
  • Smishing: when you are contacted via text message with a request to click on a link that appears to come from a company or person you trustTrust An account set up to hold assets for a beneficiary. A trustee manages the assets until the beneficiary reaches legal age.+ read full definition.
  • Vishing: when you are contacted by telephone by someone pretending to be with a reputable organization asking you for personal information.
  • Angler phishing: happens on social media. These phishing attempts try to get you to click on a fraudulent corporate social media accountAccount An agreement you make with a financial institution to handle your money. You can set up an account for depositing and withdrawing, earning interest, borrowing, investing, etc.+ read full definition. Many companies have social media accounts to connect with customers. The angler phishing versions look very similar to the legitimate accounts and may ask you to click to get a discountDiscount When something sells for less than its normal price.+ read full definition on the company product or other ruse.

Ransomware warning:

Some email phishing campaigns ask you to click on an attachment. The attachment could be a file that — if you click on it — loads malware onto your computer. Malware is like having a spy in your system. You might not know it’s there, and then one day your files are locked, and you are told to send money to unlock them.

How can you spot and stop phishing attempts?

There are many types of phishing, but don’t take the bait. To help you avoid being lured by phishing scams consider these tips:

  • Be on alert if you receive any text, call or email that rushes you into making a decision or asks you to shareShare A piece of ownership in a company. A share does not give you direct control over the company’s daily operations. But it does let you get a share of profits if the company pays dividends.+ read full definition or confirm personal or sensitive information.
  • If you get a text from any person, or organization, pause and ask yourself:
    • Why would they have and use your cell phone number?
    • Why would they text you for important information?
  • Think twice before clicking on anything in an unsolicited email or text. Don’t click on a link or an attachment unless you are certain it is safe. When in doubt, don’t click.
  • Look for spelling mistakes in texts and emails. Fraudsters often misspell words or use strange grammar.

There are no limits to who phishing scammers will pretend to be.

The Canadian Anti-Fraud Centre (CAFC) sent out a warning after they received reports of phishing emails impersonating their organization. The emails looked like automated emails the CAFC sends when it receives files through their Fraud Reporting System. The email asked people to click on a link to view their report. The CAFC warned people to not click on the link. It said it does not provide links to submitted reports.


Phishing is increasingly popular and scammers tactics are always evolving. Fraudsters will try to get you to share personal information, such as banking details, through many types of phishing scams.

Be on alert anytime you:

  • Receive a text, email or phone call asking you to provide personal information.
  • Receive an email or text asking you to click on link or attachments — unless you are 100% certain they are legitimate, don’t click.
Last updated