Phishing Scams

You’re checking your email, scrolling through texts, or answering a call—and suddenly, something feels off. A message says your account is locked. A link promises a prize. A voice insists you need to act fast. Could it be legit? Or is it a scam?

What is phishing?

Phishing is when scammers pretend to be someone you trust—like your bank, a government agency, or even your boss—to steal your personal information. They use emails, texts, phone calls, and even QR codes to lure you in. The goal? Get you to click, share, or download something that gives them access to your money or identity.

Phishers copy logos, email templates, and sender names to make their messages convincing. They often create fake email addresses or websites that are nearly identical to the real thing. These tricks are meant to fool you at a glance.

Types of phishing

Phishing isn’t limited to email. Scammers keep trying different ways to steal personal information from people. Here are some common ways scammers try to trick you with phishing.

Smishing

“Smishing” is phishing by SMS text message. You might get a text saying something like, “Package delivery issue. Update your address here” with a link.

Vishing

“Vishing” is voice phishing – a scam phone call where someone pretends to be an official and pressures you to give information.

Spear phishing

Some scams are more focused on specific people. In spear phishing, scammers look up information about their target and send messages that seem personal and convincing. They might mention your name, workplace, or recent activities to make the email seem legit. For example, a spear phisher might impersonate your boss and email you: “Hey, can you quickly send me the client list? I’m out of office.” Because it looks personal, you may be more likely to fall for it.

Quishing

“Quishing” is phishing using QR codes. Scammers send you a QR code by email, text, or even printed on a flyer, hoping you’ll scan it with your phone. The code might claim to help you claim a prize, access a secure message, or fix an account issue. Instead, it takes you to a fraudulent website designed to steal your personal or banking information, or it may even trigger a malicious download. Be cautious before scanning QR codes from unknown or unexpected sources.

AI-driven phishing

Scammers now use artificial intelligence to make fake messages that look very real and personal. These scams can copy how people write, talk about recent news, or even sound like someone’s voice. Because of this, they’re much harder to spot than older types of phishing. As technology changes, it’s important to stay alert and update your online safety habits, since scammers are always coming up with new ways to trick people.

How to protect yourself from phishing

Be skeptical

If you receive an unsolicited email, text, or call asking you to click a link, download something, or share info, assume it could be a scam.

Verify the source

If you get an email about a bank account problem, don’t click the link in the email. Instead, open your bank’s app or website yourself, or call the bank using the number on your card.

Don’t share personal info by email or text

Never send passwords, SINs, banking details, or credit card numbers by email or text.

Check sender addresses and links

Get in the habit of looking closely at email addresses and URLs. If the sender’s email domain or the link looks odd, don’t click.

Use security software and update your devices

Keep your computer and smartphone’s security software up-to-date. Install reputable anti-virus programs and let them update automatically.

Enable Two-Factor Authentication (2FA)

Wherever possible, turn on 2FA for your accounts.

Use Anti-Phishing Feature

Many email providers and web browsers have built-in anti-phishing filters. Keep these features on.

Limit Personal Details You Share Online

Consider making your social media profiles private or at least be mindful of what you post.

Educate Yourself and Others

Stay informed about new phishing tactics. Share warnings with family and friends, especially those who may be less internet-savvy.

What to do if you got phished

Disconnect and scan for malware

If you clicked a link or opened an attachment and something downloaded, run a security scan on your device immediately.

Change your passwords

Quickly change the passwords for any accounts that might be at risk. Choose strong, unique passwords you haven’t used before.

Secure your accounts

If you gave out financial info, contact your bank or credit card company immediately. They can monitor your account for strange transactions and help protect your money.

Notify credit bureaus

If you handed over very sensitive personal information, you should take steps to protect against identity theft.

Report the phishing attack

Report scams to the Canadian Anti-Fraud Centre.  Also contact your local police or RCMP. If the phish pretended to be your bank or another company, let them know.

Inform close contacts

If the phish involved your email or social media, scammers might use that access to target your friends or family. Let your contacts know your account was compromised.

Don’t blame yourself

Experiencing fraud is never your fault. Taking care of yourself and staying connected are important steps toward recovery. Learn more about empowerment after financial fraud: If You Suspect Fraud.

Phishing scams continue to evolve, but the core strategy remains the same: they try to trick you into trusting a lie. If you stay alert to the red flags, you can outsmart these scammers. If something smells phishy, it probably is.