About: What to do if you've been Phished!

Overview: This article outlines how to tell if you've been phished, and actions to take to protect your account and information afterwards!

What is Phishing?

Phishing is a common method used by cybercriminals to try to steal information, access your account, or perform some other malicious activity against you. They do this by sending emails that seem real, urgent, or threatening, and ask for sensitive personal information or money. Additionally, these emails may contain links or attachments that could harm your device if you click or open them. When we say "phishing" we're normally talking about emails, but phishing can take other forms as well. Please see the below list of methods similar to phishing!

Quishing: Quishing takes advantage of QR codes, waiting for the user to scan them and send money or visit a malicious website.

Vishing: Vishing relates to phone calls that try to get you to provide information. An example would be someone calling and saying they are from your bank, asking for your banking information for "support," when in reality they are trying to steal information.

Smishing: Smishing is almost the same as phishing, but comes in the form of a text message.

If you ever receive a message that seems suspicious, is unexpected, or from someone you don't know, please report the message. These messages may also look to imitate someone you do know, so be careful to confirm. If the message isn't written the way it should be then we'd recommend reaching out to the person using a verified method (calling them, talking to them in-person, etc...)

How do I know if I've been Phished? 

Phishing emails are really common and really convincing. It's not uncommon to click a link, provide some information, or download something from someone you trust. If you think you've been phished, ask yourself the below questions to verify:

Did you click a link? Phishing messages contain links to sites that you don't recognize, or that seem suspicious. These websites may also imitate legitimate ones with slightly misspelled names. An example could be "google.com" being spelled as "googler.com" - a slight difference in spelling can tell you that it's not the correct site.

Did you download something? Downloading a file from a suspicious email could be an indicator that you've been phished. Downloaded files can be used to compromise your computer through a virus or a piece of software you don't want. Never install or download a file from an email you don't recognize.

Did you provide any information? Never respond to an email with your username, password, or personal information. As we've mentioned before, these emails are really convincing and may seem like they want to help you, but this usually isn't the case. If you've provided any information like this, you may have been phished.

What do I do if I've been phished? 

Getting phished can be alarming, but don't worry! Please follow the below steps to secure your account and any other information that may have been shared.

Reset your password: If you've shared your username or password, be sure to change them. This can be done for your CNC account using this article: https://cnc.teamdynamix.com/TDClient/56/Portal/KB/ArticleDet?ID=4847 but be sure to check instructions for other sites. 

Contact your school, work, or bank: If you've shared information related to your school, work, or bank, be sure to contact them! They'll often have resources that can help keep your information safe, and may be able to provide further support from their IT department. If you've shared information related to your CNC account or schooling, please contact cybersecurity@cnc.bc.ca as we're here to help!

Report the message: Even if you've been phished, reporting messages may prevent further phishing messages from reaching you. When you report a message, this lets your email provider know what to look for when blocking suspicious messages.

Reach out for support: If you've been phished and you feel you need further support, please reach out to the below Crisis Prevention, Intervention, and Information Centre for Northern BC:

24 Hour Crisis Line: 1-888-562-1214

310Mental Health Support: 310-6789

Phishing can be scary, embarrassing, and upsetting. It can have really negative impacts, and that's why we're here to help. Please reach out if you need support in any way to the above resources.

If you have any questions about this article, or about phishing, please contact cybersecurity@cnc.bc.ca for assistance!