October 9, 2025
Cybersecurity: A Matter of Technology... and People!
Cybersecurity awareness: phishing
During this Cybersecurity Awareness Month, it's essential to remember the importance of protecting yourself in the digital world. Cybercriminals have many ways to access your data, but one of the most common remains phishing. Fortunately, several simple and effective strategies can help you guard against it.
Understanding phishing
According to *GetCyberSafe.ca*, phishing is a "common tactic used by cybercriminals to steal your personal and financial information" [1]. These attacks often take the form of fraudulent emails containing links to fake websites, prompting you to enter your login information. These messages can appear legitimate at first glance, but they're designed to deceive. It's therefore up to the recipient to stay vigilant and report any suspicious email.
How to protect yourself from phishing
Here are some best practices to adopt to reduce the risks:
- Verify the sender
Be wary of unusual or slightly altered email addresses (e.g., *support@micros0ft.com*). A simple added or replaced letter can make a fraudulent email address look credible at first glance.
Don't rely on the display name alone: take the time to check the full address. Even if the name is familiar to you, it's important to confirm the associated address, especially if the message seems unusual. For example, if you receive an email supposedly sent by your manager asking for your phone number to continue the conversation by text message, be careful.
- Analyze the content of the message
Be suspicious of messages with an alarming or urgent tone. Cybercriminals exploit the sense of urgency to push you to act quickly, often without thinking. Whether it's about avoiding an account suspension or claiming a prize by clicking a link within the next 10 minutes, this type of message is meant to rush you. In these situations, take the time to carefully analyze the content before reacting.
Watch for spelling or grammar mistakes. Fraudulent emails often contain language errors. While to err is human, official communications from recognized institutions rarely contain major mistakes.
- Never click on suspicious links
Never click on a suspicious link, regardless of where it comes from. These links can redirect you to fraudulent sites designed to harvest your personal information. The same principle applies to unexpected attachments: they may contain malware capable of infecting your computer.
Even if the email comes from a known sender, stay cautious. That person may themselves be the victim of a cybersecurity incident. When in doubt, contact them by another means (phone, internal messaging, etc.) to confirm the message's legitimacy.
- Protect yourself with available technology
Strengthen your protection with technology tools. Two-factor authentication should be turned on everywhere possible to secure your accounts. Favor the app or physical key option over SMS. The second factor adds an extra layer of protection: even if your password is compromised, accessing your account without the second authentication factor will be far more difficult for a cybercriminal.
Another effective approach is to use anti-phishing filters. Email services like Google Workspace or Microsoft 365 already include this type of protection. Take the time to become familiar with the various available controls.
- Test yourself!
Use a testing platform to send phishing messages to your employees. This will let you sharpen your phishing reflexes. You'll also be able to detect whether members of your team need more training.
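The sender checks described under "Verify the sender", sketched in Python as an added example that is not part of the original article. The trusted-domain list, the contact entry and the function names are assumptions made up for illustration, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumptions (constructed for illustration): domains and contacts you trust.
TRUSTED_DOMAINS = {"microsoft.com", "example.org"}
KNOWN_CONTACTS = {"alice tremblay": "alice.tremblay@example.org"}
# Digit-for-letter swaps commonly seen in altered addresses (0 for o, 1 for l).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return a list of warnings for the value of one From: header."""
    display, address = parseaddr(from_header)
    address = address.lower()
    _, at, domain = address.rpartition("@")
    if not at or not domain:
        return ["no parsable sender address"]
    warnings = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            # Same after undoing swaps, or one added/removed/replaced character.
            if domain.translate(SWAPS) == trusted or edit_distance(domain, trusted) == 1:
                warnings.append(f"lookalike domain: {domain} resembles {trusted}")
                break
    # A familiar display name proves nothing: compare the full address.
    expected = KNOWN_CONTACTS.get(display.strip().lower())
    if expected and address != expected:
        warnings.append(f"display name '{display}' does not match {address}")
    return warnings


if __name__ == "__main__":
    for header in (  # constructed sample headers
        "Microsoft Support <support@micros0ft.com>",
        "Alice Tremblay <alice.t@mail.example>",
        "Alice Tremblay <alice.tremblay@example.org>",
    ):
        print(header, "->", check_sender(header) or "no warning")
```

The check only compares the text of the From: header against lists you maintain; it complements the anti-phishing filters of your email service and does not replace them.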
Conclusion
Cybersecurity is a shared responsibility. By understanding threats like phishing and adopting cautious behaviors, we help protect our data and that of our organization. Even if an email comes from a known contact, if it's unexpected or unusual, it should be treated as suspicious. When in doubt, it's better to confirm with the sender before interacting with the message.