Beware of phishing

Phishing is a type of scam where cybercriminals (i.e., hackers) impersonate genuine organizations to trick victims into doing what the hacker wants.

Hackers can use a range of tactics, such as email, text messages, social media, phone calls, apps or advertisements to trick the user into revealing personal or sensitive information, such as passwords or banking information, with the goal of defrauding you, your business or a larger organization.

Don’t get hooked

Hackers also use phishing to deliver malicious software (i.e., malware or ransomware) by encouraging victims to download a document or visit a link or fake website that will secretly install and distribute malware, ransomware or other damaging and disruptive attacks that can put your practice at risk.

Especially during times of global crisis and emergency, cybercriminals may exploit the accompanying chaos, stress and grief that difficult situations may bring, preying on victims’ heightened vulnerability.

What you can do

Anyone can be a victim of a phishing or cyberattack, at any time. However, there are several things you can do to protect yourself, your business, and the personal health information of your patients.

Tips to Spot Phishing Email:

  1. Be vigilant when opening or responding to emails: Make sure to only open emails or click on links/documents/websites from known sources.
  2. Beware of online requests for personal information: Avoid emails, calls, text messages or advertisements seeking to take advantage of specific economic, environmental or humanitarian impacts. A crisis-themed email that seeks personal information, such as your Social Insurance Number or login information, is a phishing scam. Legitimate government agencies will never for this information. Do not respond to the email with your personal data.
  3. Check all links: You can inspect a link by hovering your mouse over the URL to see where it leads. Sometimes, it's obvious that the web address is not legitimate. Keep in mind that phishers can create links that closely resemble legitimate addresses. Delete the email.
  4. Watch for spelling and grammatical mistakes: If an email includes spelling, punctuation and grammar errors, it's likely a sign that you've received a phishing email. Delete the email.
  5. Look for generic greetings: Phishing emails are unlikely to use your name. Greetings like "Dear sir or madam" signal that an email is not legitimate. Delete the email.
  6. Avoid emails that insist you act now: Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information immediately. Delete the email.
Phishing awareness poster