A simple guide for Canadians
Phishing is one of the most common ways scammers try to steal personal or financial information.
It can happen through emails, text messages, social media messages, fake websites, or even phone calls.
The goal is usually simple: trick you into clicking a link, sharing information, sending money, or logging into a fake website that looks real.
Phishing scams can look convincing, especially when they pretend to be from a bank, the CRA, a delivery company, a streaming service, or another company you already use.
What does phishing mean?
Phishing is when a scammer sends a fake message that tries to trick you into giving away sensitive information.
That could include:
- Your banking login
- Your credit card number
- Your password
- Your Social Insurance Number
- A verification code
- Personal details like your address or date of birth
The word “phishing” sounds like “fishing” because scammers are trying to bait people into responding.
They send out fake messages and hope someone bites.
What does a phishing message look like?
A phishing message might say something like:
“Your bank account has been locked.”
“Your CRA refund is ready.”
“Your package could not be delivered.”
“Unusual activity has been detected.”
“Click here to confirm your details.”
“Your payment failed.”
These messages are designed to make you act quickly.
That is the trick.
The scammer wants you to panic, click the link, and enter your information before you stop to think.
Common examples of phishing
Phishing can appear in many everyday situations.
You might receive a fake text pretending to be from your bank.
You might get an email that looks like it came from the CRA.
You might see a fake delivery notice saying you need to pay a small fee.
You might receive a message saying your Netflix, Amazon, PayPal, or phone account has a problem.
You might even get a fake job offer, fake investment opportunity, or fake security warning.
Or you could fall for something similar to what happened to me. I once clicked an advertisement that appeared to be from my broker and was offering a promotion. It turned out to be fake, and my money was gone. Thankfully, I stayed calm, contacted my broker quickly, and they refunded my cash.
The message may look professional. It may use logos, colours, and wording that seem familiar.
But that does not mean it is real.
Red flags to watch for
Phishing messages often have warning signs.
A message may be suspicious if it:
- Creates urgency
- Asks you to click a strange link
- Requests your password
- Asks for a verification code
- Has spelling or grammar mistakes
- Comes from an unusual email address
- Offers money that seems too easy
- Threatens to close or lock your account
- Asks you to pay a small fee to release a refund or delivery
Not every scam will have obvious mistakes. Some are very polished.
That is why it is important to slow down before clicking anything.
Why phishing matters
Phishing is not just annoying spam.
It can lead to real financial damage.
If a scammer gets your login details, they may be able to access your accounts.
If they get your credit card information, they may try to make purchases.
If they get personal information, they may try to commit identity theft.
If they get a verification code, they may be able to bypass account security.
This is why you should treat unexpected messages carefully, especially if they involve money, passwords, refunds, deliveries, or account warnings.
What should you do if you receive a suspicious message?
The safest move is usually not to click the link.
Instead, pause and check the message another way.
You can:
- Go directly to the official website yourself
- Open your banking app manually
- Call the company using a number from its official website
- Check the sender’s email address carefully
- Avoid replying to the message
- Delete the message if you are sure it is fake
For example, if you receive a text saying your bank account is locked, do not click the link in the text.
Open your bank app yourself or call the number on the back of your bank card.
Be careful with verification codes
One common phishing trick is asking for a verification code.
A scammer may pretend to be your bank, phone company, or another service and ask you to send them a code that was texted to your phone.
Do not share these codes.
Verification codes are often used to prove that you are the real account holder. If you give the code to a scammer, they may be able to access your account.
A real company should not need you to send them your private login code through a random message.
What if you clicked a phishing link?
If you clicked a suspicious link but did not enter any information, you may be okay, but you should still be cautious.
If you entered a password, card number, banking details, or personal information, act quickly.
You may need to:
- Change your password
- Turn on two-factor authentication
- Contact your bank or credit card provider
- Watch your accounts for suspicious activity
- Report the scam
- Check your credit report if personal information was exposed
The faster you act, the better.
How to protect yourself from phishing
You cannot stop every scam message from reaching you, but you can reduce the risk.
Use strong, unique passwords for important accounts.
Turn on two-factor authentication where possible.
Do not reuse the same password for banking, email, and investing accounts.
Be careful with links in unexpected messages.
Keep your phone, browser, and apps updated.
And remember: scammers rely on speed, fear, and pressure.
Slowing down is one of your best defences.
Fresh Tip
If a message makes you feel rushed, worried, or pressured to click a link, pause before doing anything. Scammers want you to react quickly. You do not have to.
Final thoughts
Phishing is when scammers use fake messages to trick people into sharing personal or financial information.
These scams can look like bank alerts, CRA messages, delivery texts, account warnings, refund notices, fake promotions, or investment offers.
For beginner Canadians, the key is to slow down and check before you click.
Do not trust a message just because it uses a familiar logo or sounds urgent.
When in doubt, go directly to the official website or app yourself.
A few extra seconds of caution can protect your money, your passwords, and your personal information.
Learn more