How to protect yourself from phishing scams
2/10/2025
Online scams are on the rise, and phishing remains one of the most widespread tactics used by cybercriminals to steal personal information. Understanding how phishing works is the first step in protecting yourself from these digital threats.
Phishing is one of the tactics scammers use to trick people into revealing sensitive info, like bank account details, personal data or passwords. It often involves fraudulent emails that appear trustworthy but are designed to deceive. These scammers may also use tactics such as text messages, known as Smishing, and phone calls, known as Vishing.
Many BCAA Members have experienced BCAA/CAA-targeted phishing and smishing scams, through their email and by text message. The attempt falsely poses as BCAA/CAA and AAA and tells people they have won a ‘Car Emergency Kit’, with instructions to click a link and enter personal information to redeem the fake prize.
A big part of our purpose is to help protect people in BC. To Keep British Columbians Moving Forward, we've compiled some helpful tips on how to recognize these threats and stay safe when you're online.
How to spot phishing attempts
Phishing scams come in various forms, but they often follow predictable patterns. Here are some key signs to watch out for:
- Claim to have noticed suspicious activity or login attempts on your accounts.
- Ask you to confirm personal information.
- Offer you refunds, prizes and free stuff.
- Urge you to click on a link or download some attachment.
- Spell words wrong in the sender’s email address. Most scammers will use a fake version of a real organization’s email domain, like yourbcaa.ca.
- Send you poorly written messages with spelling and grammar errors.
- Send you generic greetings like “Dear Customer”.
- Give you an urgent tone or threaten you, e.g., “Your account will be locked if you don’t respond immediately.”
- Trigger an alert message from your email server warning that it can’t verify the sender.
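The misspelled-sender sign above can be checked automatically. The following is an added example, not BCAA's own code: it compares the domain in a From: header against a list of trusted domains and flags near-misses such as yourbcaa.ca. The trusted list (bcaa.com) and the sample headers are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: the domains this recipient really deals with (not taken from the page).
TRUSTED_DOMAINS = {"bcaa.com"}

def name_label(domain):
    """Label just left of the final suffix ('bcaa' in 'mail.bcaa.com').
    Simplification: multi-part suffixes such as .co.uk are not handled."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify_sender(from_header):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    addr = parseaddr(from_header)[1].lower()
    if "@" not in addr:
        return "unknown"
    domain = addr.rpartition("@")[2].rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    label = name_label(domain)
    for trusted in TRUSTED_DOMAINS:
        brand = name_label(trusted)
        # Brand embedded in a longer name, or the same name under another suffix.
        if brand in label:
            return "lookalike"
        # Near-identical spelling, e.g. one swapped letter in a short name.
        if SequenceMatcher(None, brand, label).ratio() >= 0.75:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers; only yourbcaa.ca appears in the article.
    for header in ("BCAA <news@bcaa.com>",
                   "BCAA Rewards <prizes@yourbcaa.ca>",
                   "Support <help@bcca.com>",
                   "A friend <friend@example.org>"):
        print(f"{classify_sender(header):9}  {header}")
```

A 'lookalike' result means the domain resembles a trusted one but is not on the list, so the message deserves a closer look before anything is clicked.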
Familiarize yourself with the following types of phishing scams:
- Emails
Cybercriminals will often register fake email addresses that closely mimic legitimate organizations – but change the email address ever so slightly. They send out generic requests, hoping to trick you into clicking their harmful links or sharing your private data.
Example: You get a phishing email that claims to be from your bank, but with a slightly different email address to normal. It warns of ‘suspicious activity’ and urges you to click a link to confirm your account details immediately.
- Spear phishing emails
Unlike general phishing emails, these are highly targeted and personalized. In this case, attackers find out personal information about you to make their scams more convincing.
Example: You get an email that references your recent online purchases, includes your name or mentions the names of your loved ones, urging you to click a link to verify the information.
- Text messages (SMS), a.k.a. Smishing
Scammers use text messages (SMS) to send fraudulent messages, often containing malicious links.
Example: A text message claims you’ve won a prize like a cruise or a gift certificate and you just need to input your personal info to claim it.
- Phone calls, a.k.a. Vishing
This is when scammers call you pretending to be from reputable organizations, such as your bank or a government agency.
Example: A call from an ‘unknown number’ or ‘suspected spam’ says you have a parcel waiting for delivery and asks you to reveal sensitive information like your bank details or passwords.
Here’s how to stay safe from phishing scams
- Be extremely cautious with links and attachments
Hover over links to verify their destination before clicking. Does the URL look official or suspicious? If you’re at all unsure, visit the organization’s official website directly to check.
- Verify their communication
If you get a phone call you didn’t expect or that you’re unsure about, ask the caller to authenticate their identity. For example, ask them to send you an email from their official email account. If you’re still unsure about a caller’s true identity, hang up. Then phone that organization using the official phone number on their website.
- Use security and antivirus software
To help protect yourself against malware, install and update antivirus software on all your devices.
- Set up ‘two-step verification’ or ‘multi-factor authentication’
Many services offer additional layers of security, such as text verification codes to your mobile phone or an authentication message sent to another device – this is two-step or multi-step authentication. Having two steps of verification makes it harder for cybercriminals to access your accounts, even if they have your password. Here are the leading authenticator apps.
- Don’t reuse your password
Use unique passwords for each new account and update them regularly. If you need to keep track of them securely, consider using password manager software. Here is how to create a strong password in 7 easy steps.
What to do if you suspect a phishing attack
Taking quick action can limit the damage if you’ve been targeted by a phishing scam. We recommend you:
- Report the attack: Don’t suffer in silence. Notify the implicated organization and report the phishing attempt to the Canadian Anti-Fraud Centre. You likely won’t be the only one who got attacked.
- Update your passwords: Change your passwords for any accounts that may have been compromised.
- Run a malware scan: Use security software to check your device for malicious programs. Windows, Apple and Google Chrome have their own malware scanning software built in, or you can buy antivirus software from a trusted source. Disconnect your device from the Internet if necessary.
- Monitor your accounts: If you suspect your identity has been stolen, keep an eye on your accounts for suspicious activity or unauthorized transactions.
Keep informed and stay protected
Phishing scams are a constant concern, but understanding the scammers’ tactics can help to keep you safe online.
If you think you have received a communication from BCAA that seems suspicious, please refer to our Online Phishing Alert FAQ. Learn more about how to recognize and avoid phishing attacks from the Canadian Centre for Cyber Security.