The Calgary Police Service (CPS) is advising people to be on the lookout for an email phishing scam.
CPS said it has received several reports from Calgarians in the last few weeks saying they were contacted by email scammers claiming to have login information to various websites and accounts.
The scammers demand money, saying they’ve recorded the victim accessing a questionable website. They threaten to publicize that information if the person doesn’t pay up — often through a bitcoin payment. Offenders also include the victim’s password to prove they were able to access their computer and to make the threat seem more credible.
According to police, the scammers actually got the logins from a previous, unrelated data breach where the victim’s password was compromised — such as an app, social media platform or retail company. Sgt. Ray Kelly of the CPS Cybercrime Team said people need to be proactive about protecting their personal information online.
“Criminals take advantage of the fact that many citizens use the same password for many of their online accounts and change these passwords infrequently,” he said. “At the very least, citizens should use unique passwords for each account and passwords should be changed regularly, as well as following a data breach.”
No one who reported this recent phishing scam lost any money, police said, but since the start of 2019 Calgarians have lost more than 1.2 million dollars through various email scams. Most of those losses stem from fake job offers and scammers diverting emails containing either financial information or corporate payroll deposits, police said. Calgary police believe these cases are often underreported.
The CPS offered the following steps people can take to protect from phishing emails:
- Be suspicious of unexpected and unusual emails, especially ones demanding some form of urgent action. Never click links, send money or respond until you have confirmed the email to be legitimate through a second source
- Know how to recognize phishing emails: check who sent the email, be suspicious of emails sent from people you don’t communicate with regularly and look for spelling mistakes or extra letters, numbers and symbols in the sender’s email address
- Check for bad grammar and spelling mistakes in the body of the email
- Check hyperlinks by hovering your mouse over a link to check its true destination. Never open attachments or click on links until you’ve verified it is a legitimate email
- Check the date and time the email was sent. Phishing emails are often sent at times you wouldn’t normally receive emails
- Change passwords regularly and after an account has been compromised by a data breach
- Check if your email addresses and online account information has been compromised in a previous data breach through the website https://haveibeenpwned.com
Comments