Thursday, June 12, 2025

SPAM! A phishing email

Here is a rather convincing SPAM phishing email I got:

Notice of Missed Payment – Vehicle Registration

Date: June 12, 2025

SGI Customer Number: 111820955024

Dear Customer,

We are writing to inform you that your most recent payment for your SGI vehicle registration was not received by the due date. As of this notice, your registration is now considered past due.

It is important to address this matter as soon as possible to avoid penalties, service interruptions, or possible fines. To bring your account up to date, please visit the SGI website at your earliest convenience.

Click here to make a payment or manage your registration

If you believe you have received this notice in error, or if you have already submitted your payment, please contact SGI Customer Service immediately at 1-844-TLK-2SGI (1-844-855-2744).

Thank you for your attention to this matter.

Sincerely,
Saskatchewan Government Insurance (SGI)

This is an automated message. Please do not reply to this email.

I hovered over the hyperlink and it showed the bogus website I would have been taken to if I had clicked on it. Remember to hover over links to look at the address they point to. That is your best defence against falling for phishing emails. Clicking on these types of links can result in data breaches, viruses and spyware, and identity theft.

They are certainly getting better at this!
 
The ins and outs of "phishing": 
 

Phishing is a form of cybercrime where attackers impersonate legitimate institutions or individuals to trick people into revealing sensitive information such as passwords, credit card numbers, or Social Insurance Numbers. It’s one of the most common types of online fraud. Here's a full breakdown of the ins and outs of phishing:


🔍 What Is Phishing?

Phishing is a social engineering attack designed to deceive you into taking an action—clicking a malicious link, downloading a file, or providing personal details.

The name comes from "fishing," as in casting bait (a phony email or website) and hoping someone bites (clicks or replies).


🎣 Common Types of Phishing

1. Email Phishing

  • The most common type.

  • You receive an email pretending to be from a trusted source (bank, Amazon, CRA).

  • It may include fake links or attachments.

  • Often urgent ("Your account will be closed if you don’t act now").

2. Spear Phishing

  • Targeted attacks aimed at specific individuals or organizations.

  • Uses personal information (your name, job title, or recent purchases) to seem convincing.

  • More sophisticated and harder to spot.

3. Whaling

  • A type of spear phishing targeting high-level executives or important people ("big fish").

  • The goal is usually to access company secrets or authorize large transactions.

4. Smishing (SMS Phishing)

  • Delivered by text message.

  • Usually includes links or fake alerts from delivery companies, banks, or government agencies.

5. Vishing (Voice Phishing)

  • Done over the phone.

  • Common scams include fake CRA or IRS calls demanding payment, or pretending to be your bank’s fraud department.

6. Clone Phishing

  • A legitimate email you've already received is copied, but with a malicious link or attachment replacing the original.

  • Looks almost identical to the real one.


🛠️ Phishing Techniques

  • Spoofed email addresses – From addresses that look nearly identical to legitimate ones.

  • Fake websites – Designed to look just like real sites (banks, stores, or login portals).

  • Scare tactics – “Unusual login detected” or “Your account is compromised!”

  • Link manipulation – A visible link says one thing, but the actual hyperlink goes somewhere malicious.

  • Malware attachments – Documents that secretly install keyloggers or spyware.


🧠 Why It Works

  • Urgency clouds judgement.

  • Trust in brands is exploited (e.g., PayPal, Amazon, RBC).

  • Curiosity (e.g., “invoice attached,” “see who viewed your profile”).

  • People are often multi-tasking and not paying full attention.


🧯 How to Spot a Phishing Attempt

  • Poor grammar or spelling.

  • Suspicious sender address (e.g., support@amaz0n-billing.com).

  • Unsolicited attachments or links.

  • Requests for sensitive info over email or text.

  • “Too good to be true” offers.


🛡️ How to Protect Yourself

  • Don’t click suspicious links. Hover to preview where they go.

  • Never share sensitive info via email or text.

  • Enable 2-factor authentication (2FA) whenever possible.

  • Keep your software and browser up to date.

  • Use security software with phishing detection.

  • Report phishing to the proper authorities (e.g., the Canadian Anti-Fraud Centre).


🧪 What To Do If You Fall for One

  1. Disconnect from the internet if you downloaded a file.

  2. Change your passwords immediately.

  3. Notify your bank or credit card company.

  4. Scan your device with up-to-date antivirus.

  5. Report it to your IT department (if at work) or to the proper cybercrime authority.


🇨🇦 In Canada

If you suspect a phishing attempt:

  • Report to the Canadian Anti-Fraud Centre at antifraudcentre-centreantifraude.ca

  • Contact your bank or credit card provider.

  • If identity theft occurs, contact Equifax and TransUnion.

Source: Some or all of the content was generated using an AI language model
