Skip to main content

Phishing

Phishing is an attempt to steal your personal information by masquerading as an authentic organization.

How it works

Typically, phishers send an email claiming to be from a reputable organization, like your bank, asking you to click a link and sign in to confirm your account details or fix a problem with your account. Instead of visiting the bank’s website, the link actually takes you to a fake site that collects your personal information.

Spear-phishing is a variation of phishing. The scammer gathers specific information about you and uses it to tailor their pitch so the fake email seems even more real.

Smishing is a phishing message sent via text message, or Short Messaging Service (SMS).

How to protect yourself

  • Check the sender’s email address—do you recognize it? If not, it could be a scam artist posing as a reputable organization.
  • Don’t provide confidential, personal, or financial information.
  • Check who the email is addressed to. Scam emails are often addressed, “Dear customer”, or simply “hello” instead of addressing you by name.
  • Watch for spelling and grammar mistakes in the message.

How to report it

If you suspect you’re a victim of a phishing scam, or attempted phishing scam, contact the Canadian Anti-Fraud Centre and your local police or RCMP, and report it directly to the organization the phisher is pretending to represent. If you have provided personal or financial information, you should also notify your financial institution and the credit reporting bureaus Equifax and TransUnion.

The Commission is responsible for the administration, education and enforcement of provincial legislation that regulates securities, insurance, pensions, credit unions and certain consumer services. If your complaint relates to an area outside of the Commission's regulated areas, we may refer you to the appropriate reporting agency or organization.