When it Comes to Cyber Security, it's Always Good to be Skeptical

Amidst everything going on in the world over the past few weeks, the attention of the world's population has been almost solely focused on the latest news reports, along with the hope that everything will go back to normal as soon as possible. However, simultaneously, cyber criminals—as they always do—have been hard at work taking advantage of the situation, launching a multitude of new scams to deceive the public.

As Canadians, the months of February through March are usually filled with social engineering scams, including fake emails and phone calls that come from criminals pretending to be the Canada Revenue Agency. This year, that’s still happening but, to add to the mix, the scams are also focused on recent topics, including government financial support programs for small businesses, and more.

Of course, there is more. Now, as millions of Canadians move to a home office environment, the number of email scams have also increased. Examples include fake emails that are made to look like they are from the HR department of the respective company—even including logos, standard looking signatures and so on—asking people to click a link to view their HR profile for benefits, payments, etc.

Then there are the plethora of links that are being shared through email, social media and text messages that show so-called live maps and dashboards of COVID-related information. These so-called dashboards are littered with malware and viruses all designed to take advantage of the current world situation.

And, to be clear, it happens to everyone. Just a few months ago I received an email from a friend who works at a company in Toronto. The email was from her email address, had her email signature and logo, it was her email in every way. But the text seemed “off." There were a few grammatical mistakes that were highly suspect—something my friend would never say or write—and also the message was asking me to download a document. Again, something she’d never usually do.

So, I responded to the email asking her if she sent it—keep in mind that I work in cyber security and like to play with this type of stuff—and sure enough, a response came back almost immediately. Needless to say, this time the grammar and messaging was way off. This was a sign that her email account was compromised, so I called her office and sure enough she was unaware of what was happening. Luckily, it got fixed, and no one was harmed.

The moral to this story: question everything. And though I know that it sounds terrible to ask people to put aside their usual good-natured and trusting demeanor, the reality is that cyber criminals are counting on that exact personal trait.

The real trick here is to look at everything with a critical eye, and don't blindly trust things that show up in feeds, emails or by phone. For example, if at anytime you receive an email that seems "weird", question it and ask the person who sent it if it's real.

It's okay to reach out to people to ask them if the email or text is valid. It's okay to ask a person calling from the government to hang up and you will call them back at the number published on the government website. And, it's always okay to call your IT department and let them know that you received a suspicious email, or if you clicked on a link that you now suspect to be nefarious.

The lessons here are that everyone sometimes makes mistakes, and when it comes to cyber security, learn from them and move on knowing you are better for it and can spot a scam sooner than you could before. More so, know that everyone is a target. The more you practice open and honest communication, along with a questioning nature, then you will keep you, your data and your organization that much safer.