What are phishing scams?
Phishing scams try to trick you into handing over your personal and banking details to scammers.
The emails you receive might look and sound legitimate. Email scams usually meet at least 1 of 3 main criteria. It's likely a scam if the email you receive:
- comes from a sender you do not know;
- is not specifically addressed to you; or
- promises you some type of benefit.
We've received reports that some Yukoners may have received false or misleading messages that appear to be from the Government of Yukon. Genuine government authorities will never ask you to send them your personal information by email.
What should you look for?
Many current phishing attempts use the names and emails of your contacts or business partners to try to fool you. Scammers can easily copy the logo or even the entire website of a real organization. Be wary of any email that asks you to visit a website to "update", "validate" or "confirm" your account information.
Do not assume an email you receive is legitimate because it looks official. Carefully inspect all emails you receive, even if they appear to come from a person or organization that you know. If an email appears to come from an organization, contact the organization first to verify whether the message is legitimate.
What should you do if you receive a phishing email?
- Delete phishing emails.
- Do not open any attachments or follow any links, because they can carry viruses that can infect your computer. This infection can then spread from your computer to the computers of all of your contacts, including your friends, family and colleagues.
How to identify an email phishing attempt
If you receive a suspicious email from someone posing as a Government of Yukon employee:
- Verify the sender:
- Does the sender’s name match the email address?
- Does their email address follow the correct government format of email@example.com?
- Do not download or open any included attachments.
- Do not click any included links.
- Do not reply to the sender.
- Report it to firstname.lastname@example.org.
What a phishing email can look like
View this image of what a phishing email might look like. We've also included the text on this web page below. There's a 3 kilobyte file attached to the email that's named "Outstanding_Invoice#586414.shtml".
What the email says
From: Karen Thomas <email@example.com>
Please see attached outstanding invoice. Notice of intent to cancel was sent to your accounting department
Government of Yukon logo
Account Receivable Supervisor
This message is sent by a law firm and may contain information that is privileged or confidential. If you receive this transmission in error, please delete the message and any attachments.
THIS IS AN AUTOMATED EMAIL. PLEASE DO NOT REPLY TO THIS EMAIL.
What to spot in this example
This email sender is impersonating a government employee. You can tell because:
- the sender’s email address does not match their name;
- some details, when you look at them closely, do not make sense, such as including a Government of Yukon logo when it comes from a non-Government of Yukon email address; and
- the email wording is suspicious, such as seeking financial information.
What else to be wary of
Other things to watch for in phishing attempts could include emails that:
- have an attached document that includes a link that's dangerous to open;
- come from an address ending with “@gov.yk.ca” – this is no longer an acceptable government email address;
- ask for or include promises to send money; and
- use applications or methods that are not commonly used by the government – for example, requests for bitcoin or your credit card details.
These messages are fraudulent. You should delete them immediately. If you receive this or a similar email, report it to firstname.lastname@example.org.
If you receive a suspicious call from someone posing as a Government of Yukon employee take these steps.
- Do not provide any information.
- Do not respond to the caller’s request.
- Hang up or end the call.
- Contact email@example.com.