What is phishing?
Phishing attacks are on the rise and fraudsters are becoming more sophisticated in how they try to steal your personal or account information. The information below will help you learn how to recognize phishing and spam.
Phishing is a form of fraud in which thieves use fake emails, text messages and/or phone calls to trick users into sharing sensitive information and/or downloading harmful software. Fraudsters make it seem like these fake messages and calls are from a safe and trusted source, like TELUS, so the user will be less likely to question the message and any included attachments or instructions. They are essentially ‘counterfeit’ emails. Like all counterfeits, some are very poor imitations and others are very good and can easily trick us.
Key tip: Remember, TELUS and other reputable organizations (e.g. Canada Revenue Agency (CRA), financial institutions, etc.), will never ask you to provide personal, login or account information through unsolicited emails, texts or phone calls.
To help you better recognize, address and report phishing, we have compiled some security best practices and tips below that you can use to protect yourself and your data.
Protecting yourself from phishing emails
Knowing if a suspicious email is trying to phish you can be difficult. To help spot phishing emails faster, ask yourself:
- Does the email use a generic greeting like “Hello Customer”?
- Is the email asking you to provide personal or sensitive information, login or account information, passwords or a PIN (Personal Identification Number)?
- Does the message try to convey a sense of urgency and/or pressure you into taking immediate action, and/or click on a link or attachment?
- Is the email from an organization you trust but is unexpected and/or from someone you don’t know?
- Does the body of the email contain odd or inconsistent formatting and/or spelling mistakes?
What to do if you have received a suspected phishing email to your TELUS.net account:
- Do not click on any links and/or attachments within the suspicious email
- Forward the message to the TELUS Internet Abuse team at firstname.lastname@example.org
- Phishing emails can also be reported to the Canadian Anti-Fraud Centre (CAFC), which collects information and criminal intelligence on fraud. Follow this link to learn more about reporting fraud to the CAFC or call 1-888-495-8501.
Protecting yourself from phishing text messages
Phishing text messages are similar to phishing emails in that they try to trick you into sharing personal, login and/or account information by pretending to be sent from a trusted company or organization.
If you receive an unexpected, questionable text message, pause and ask yourself:
- Is the text asking for personal or sensitive information, login, account information, passwords or PIN (Personal Identification Number)?
- Does the message try to convey a sense of urgency or create pressure for you to take immediate action, and/or click on a link?
- Does the message appear to be from a trusted organization who has never reached out to you via text before or is unexpected?
If the answer is yes to any of these questions, you have likely received a phishing text.
What to do if you have received a suspected phishing text to your TELUS mobile device:
- Do not respond or click on links or instructions within the message
- Report the text to TELUS by forwarding the message to 7726 with the word “SPAM” in the body of the message. Instructions on how to forward text messages can be found on your device manufacturer’s website (e.g. iPhone support)
For more tips on smartphone safety, visit telus.com/wise.
Protecting yourself from phishing phone calls
Similar to phishing emails and texts, fraudsters may also try to collect personal information over the phone, either on a mobile phone or landline.
If you receive an unexpected and suspicious call, take a moment, pause and ask yourself:
- Is the caller asking for personal or sensitive information?
- Is the caller trying to create a sense of urgency and/or pressuring you to take action, suggesting something bad may happen if you do not follow their instructions?
- Does the caller say they are calling from a trusted, reputable company or organization you know would not usually treat their customers like this?
If the answer is yes to any of these questions, the call is likely a phishing or scam attempt.
What to do if you have received a suspected phishing call to your TELUS mobile device or landline:
- Do not reply to the caller; end the call right away. Give yourself a moment to think about whether this seems suspicious in any way
- If the caller tries to convince you that they are calling from TELUS, report the call to the TELUS Fraud team at email@example.com so the incident can be logged and investigated
- Phishing calls can also be reported to the Canadian Anti-Fraud Centre (CAFC), which collects information and criminal intelligence on fraud. Follow this link to learn more about reporting fraud to the CAFC or call 1-888-495-8501.
What is spam? Why do I need to worry about it?
Spam is unsolicited email messages sent to a large group of people, often posing as an advertisement, free gift, request for money, etc. The message is designed to conceal the true email address/identity of the sender and often contains harmful links.
Spam email will often:
- Have typos and use poor grammar
- Try to create a sense of urgency or give an immediate incentive to trick users into clicking on links or attachments
Spam and phishing are very similar. However, the biggest differentiator is that a spam email will usually not ask you to provide personal or confidential information, while a phishing email or text are written in a way that encourages you to share personal or confidential information.
Key tip: To protect yourself from phishing and spam, it is important to allow yourself to slow down and think critically about what you are being asked to do. Fraudsters rely on our instinct to move quickly in the online world and to click without thinking. Always allow yourself to pause and consider if anything seems suspicious or unexpected – think before you click and ask yourself the questions above.
What to do if you have received suspected spam to your TELUS.net account:
- Do not click on links or attachments within the message
- Forward the email to firstname.lastname@example.org. Be sure to include the email header details like the sender’s email address, subject line and the time and date the email was received
- Spam can also be reported to the Canadian Radio-television and Telecommunications Commission (CRTC) Spam Reporting Centre (SRC) at email@example.com. To learn more, visit the Government of Canada’s website at fightspam.gc.ca