Skip to contentSkip to search
TELUS Business

How to spot a phishing attempt

Security · Sep 1, 2015

You receive an email from what appears to be your bank, warning you that your business chequing account has been compromised and that you need to take immediate action. Helpfully, the email includes a link directly to what seems to be your bank’s website, where you can change your user name and password. All you have to do is click on the link, then provide your password.

Be very afraid. If this is a phishing attempt, you could be about to divulge everything a criminal needs to know to strip your business of its financial security. 

Phishing scams happen often, but they’re not always disguised as email communications from a bank or other company you do business with. Hackers can break into email accounts belonging to innocent people or businesses and then send phishing emails to all of their contacts, so an innocent-looking message from a friend, family member, or client could also be an attempt to access your vital information. 

The key to your digital security is to stay aware and make sure your employees also stay up to date on recognizing the signs of a phishing scam.

So how can you avoid being a victim? The TELUS Security Team has put together some tips to help you spot phishing attempts.

How to protect yourself and your business

Phishing attempts look very realAn email arriving in your inbox will look like a legitimate communication from a company or person you know, with only a few small details that will tell you otherwise. There are some clear warning signs you should look out for.

For most phishing attacks to work, you have to do something after reading the message. You may be asked to click on a link or respond to a request for information. Before you do:

Hover your mouse over a link before you click on it

This will display the actual destination the link will take you to. If you don’t recognize it as legitimate (e.g. if it’s not the usual website), do not click on it.

Don’t provide your password just because an email has asked you to

Your bank or any other reputable organization will never ask you to divulge your passwords.

Do not open any attachments unless you’re expecting them

Whenever you get an unexpected attachment, even if it’s from somebody you know, call the sender to verify that it really is from them.

Don’t click on any links you’re not 100% sure about

Instead of taking the risk that you may be redirected to a counterfeit site from an email, go to your browser and type your bank and other details directly into the web address you know, then check to see if your bank really has asked you to take any action. This hint applies to phone scams too. If someone claims to be calling from your bank, hang up and phone the bank yourself, then ask to be connected to the appropriate person or department.

Be skeptical of any message that requires “immediate action” 

If you’re threatened with drastic action, such as having your account shut down unless you respond immediately, check with the organization that appears to be the sender and make sure it’s a genuine email.

Be suspicious of emails that aren’t addressed to you by name 

Any organization you do business with should know your name or the name of your business. They will not address a genuine email to “Dear Customer”.

Check the spelling and grammar 

Reputable organizations employ professionals to write their communications. Your major suppliers are very unlikely to send you an email that is full of errors.

If it sounds too good to be true, it probably is

The simplest rule of all when it comes to scams is to always be aware and always question the authenticity of any communications you receive. If something looks suspicious, it probably is. If something sounds terrific, it probably isn’t. And even if something looks perfectly okay but would qualify for one of our warnings, be careful. It’s always better to be safe than sorry.

Learn more about business security at

Authored by:
Anthony Bertuzzi
Anthony Bertuzzi