Cyberfraud Awareness

Here are a few things to look for when checking to see if an email is authentic. 

Check the email address:

• Most email clients (e.g. Outlook, Gmail, etc.) show only the sender's name – the actual email address is hidden.
• Try clicking/tapping on the sender's name to see the full email address. The domain part of the email address (what is after the @ symbol) should match the organization.

Check links before you click on them:

• Most email clients and browsers show the real link (webpage address) in a status bar when you hover your mouse over the link.
  
  
• Most mobile email clients and browsers show the actual link if you press and hold the link.
  
  

If you are still not sure, verify the request using another medium:

• Contact the company using a phone number or website you know is real.
• Do not use the information in the email and do not click on any of the attachments and/or links in the email as these can install harmful malware.

Here are a few things to keep in mind to reduce your risk with phishing:

• Never reply to or click on links in emails or pop-ups that ask for personal or financial information.
• Install and maintain updated anti-virus software.
• If you think you received a phishing email in your Langara email inbox, use the Phish Alert Button to report it to Langara IT immediately. 

For additional tips on how to recognize phishing, visit the Canadian Centre for Cyber Security.

If you think you have been the victim of a phishing attempt:

• Change passwords for services that were open at that time or that use same/similar passwords.
• If you shared banking/credit card information notify the bank/credit card company immediately.
• If you shared your Langara username/password, immediately notify IT.

Description: A scammer claims to be from a legitimate organization and indicates you are in severe trouble.

Desired Outcome: The scammer will convince you to pay a fee via gift card, crypto-currency, money transfer service, or to collect your personal information.

Signs: The scammer will lead you to believe there will be dire consequences if you do not act quickly.

How to protect yourself:

• Stay calm, do not make hasty decisions, and do not share any personal information.

• For emails, get the actual email address vs. what is shown in the "From:" field and hover over links to get the actual URL. See Phishing for more information. 

• For phone calls, do not rely on Call Display (Caller ID). Ask the caller to spell out their full name, their organization's full name, and their direct phone number.

• Google the information collected to see if this appears legitimate.

• Ask someone you know and trust for advice.

Description: A scammer offers you a great deal on a product or service that you are interested in.

Desired Outcome: The scammer is targeting your credit or debit card information.

Signs: The bigger the discount, the more likely it is to be fake.

How to protect yourself:

• Never give your credit/debit card information over the phone unless you call a verified number for a legitimate business.

• Never enter your credit/debit card information on a website unless you have verified the website is a legitimate business.

• Complete Google searches for the business name to verify the street address, website address, and/or phone number match exactly.

• Check Google reviews for the business. If they have do not have any reviews or mostly negative ones, that is a bad sign.

• Call Display (Caller ID) can be faked so never trust incoming callers.

Description: A scammer posts an ad or contacts you directly about a job.

Desired Outcome: The scammer is after your personal information and/or convincing you to pay for training, materials, and/or a recruiting fee.

Signs:

• Receiving a job offer without an interview or only a phone interview.

• Being hired quickly and sent employment forms to fill out.

• Emails are sent from an address that does not match the company domain name (e.g. @langarajobs.ca instead of @langara.ca).

How to protect yourself:

• For emails, get the actual email address vs. what is shown in the "From:" field and hover over links to get the actual URL. See Phishing for more information.

• For phone calls, do not rely on Call Display (Caller ID). Ask the caller to spell out their full name, their organization's full name, and their direct phone number.

• Google the information collected to see if this appears legitimate.

Description: A scammer posts a rental ad for a place that does not exist or does not belong to them.

Desired Outcome: A scammer is looking to obtain a rental deposit/advance from you.

Signs:

• You cannot view the space in person.

• The scammer tries to rush you to put down a deposit before a lease is signed.

• The price is too good.

• The ad has typos, poor grammar.

• They do not ask you for references (tenant screening process).

• The lease is incomplete or has blank spaces.

How to protect yourself:

• Google the address and name of the person.

• Meet the landlord in person, check their ID, and walkthrough the entire space.

• If you are unable to go in person, arrange for someone you trust to visit the property in person.

• Talk to others in the area to confirm who owns the property.

• Conduct an online search of any photos of the rental or the address to see if it has been associated to scams in the past.

• Ask to see previous utility bills for the address to confirm the person is indeed the landlord.

• Ensure a proper rental agreement is provided and signed by both parties.

• Consider paying with something other than cash or e-transfer, such as a personal cheque, a bank draft, or certified cheque.

If you believe you’ve been scammed:

• Immediately change all of your passwords.
• Delete any malicious software you may have downloaded.
• Call your credit card company, if necessary.

Contact the Canadian Anti-Fraud Centre toll-free at 1-888-495-8501 to report the scam and get help with the next steps.