Len Bastien
Stag Special
As Defence Chief Information Officer (CIO) and Assistant Deputy Minister (Information Management), it is my role to advise the Defence Team of potential cyber security concerns. Recently, there has been a rise in phishing campaigns from malicious actors.
Alongside the Communications Security Establishment (CSE) and its Cyber Centre, I encourage all Defence Team members to be mindful of any suspicious e-mails, particularly from unknown or untrusted sources. This may include e-mails which ask for log-in information or seek to redirect you to external websites.
Don’t take the bait! If you encounter a suspicious link, e-mail, or website, report it to your unit Information System Security Officer (ISSO) as well as to Phishing-Hameconnage@forces.gc.ca for review.
As October was Cyber Month — formerly known as Cyber Security Awareness Month — which recently closed out, you can find tips and advice in this wrap-up article.
Here are different types of phishing attempts you may encounter:
• Phishing occurs when a scammer calls you, texts or emails you, or uses social media to trick you into clicking a malicious link, downloading malware, or sharing sensitive information. Phishing attempts are often generic mass messages, but the message appears to be legitimate and from a trusted source, such as from a bank or company you do business with.
• Spear phishing targets you specifically. The message may include personal details about you, such as your interests, recent online activities, or purchases.
• Whaling is another kind of personalized attempt that targets a big “phish” such as a CEO, executive or user with a higher level of authority and access to more sensitive information.
How to spot phishing: You don’t recognize the sender’s name, email address, or phone number; you notice a lot of spelling and grammar errors; sender requests your personal or confidential information; sender makes an urgent request with a deadline; and the offer sounds too good to be true.
Watch out for attachments, hidden links, spoofed websites, log-in pages and “urgent” requests. If an e-mail or attachment seems strange, don’t open it or respond to it.