Cybersecurity during a pandemic

Phishing is a type of online attack in which an attacker — using both technological and psychological tactics — sends one or more individuals an unsolicited email, social media post, or instant message designed to trick the recipient into revealing sensitive information or downloading malware.

It can happen instantly by opening an email with an infected attachment or clicking on an innocent-looking link that downloads malware or tricks you into logging into a fake website. Within moments, you’ve exposed your most sensitive personal or confidential information to attackers.

Phishing messages can range from very basic to highly sophisticated. Common “red flags” include:

• Suspicious sender or reply-to address: always treat messages from unknown or unfamiliar senders or accounts with extra caution.
• Unexpected message: messages from recognized senders unrelated to normal communications or job responsibilities can signal an account has been compromised or is fake.
• Suspicious attachments: messages with unexpected or unusual attachments can contain malware.
• Suspicious links: messages that encourage recipients to click and follow embedded hyperlinks may point to websites unrelated to the message and under the attackers’ control.
• Poor spelling: spelling and grammar errors may indicate a phishing attack since legitimate organizations typically avoid these mistakes in their communications.

Do not open suspicious file attachments. If you receive an unexpected attachment, contact the sender (preferably by phone) to confirm that the attachment is legitimate. If you cannot confirm its legitimacy, report the attachment to your IT department (if applicable), or delete it.

You can help protect yourself from certain cyberattacks by adopting the following best practices:

• Always use unique account usernames and passwords – if stolen, account credentials can and will be reused at other sites by fraudsters.
• Use multifactor authentication (e.g., security codes, biometric) to prevent stolen passwords from being used by fraudsters.
• Filter incoming messages to reduce spam and other unwanted content.
• Use software that prevents, detects, and removes malicious code and performs real-time scans.
• Keep browsers and other software up to date: malicious code often exploits security vulnerabilities made possible by outdated browsers and other software.
• Ensure that you regularly update all software and operating systems if it is not possible to set up automatic updates.
• Always back up your most sensitive files and folders.

If a successful cyberattack has occurred, public and healthcare organizations should contact our office for advice and further guidance. You can reach us at (416)326-3333, 1-800-387-0073 (toll-free), or @email or submit a privacy breach report to us using our online form.

For members of the public, several agencies can provide advice and information about cyberattacks and identity theft:

• The Canadian Identity Theft Support Centre offers expert advice to Canadians who have become victims of identity theft.
• The Canadian Anti-Fraud Centre is the central agency in Canada that collects information and criminal intelligence on such matters as mass marketing fraud (i.e. telemarketing), internet fraud and identity theft complaints.