How Cyber Savvy Are You?

Technology & Innovation

Cyberattacks are among Canada’s fastest growing crimes. Review these tips to help keep your personal information safe.

Do you know the difference between a vishing and a smishing attack? Or that spear phishing doesn’t happen in the ocean? Cyberattacks are among the fastest growing crimes in Canada—and they cause significant personal and business disruption every day.

Because technology—and the tactics used to manipulate users—changes so quickly, it’s important to stay informed. See how well you stack up.

What’s the No. 1 Type of Cyberattack?

Ransomware is a leading threat, and experts say it’s only growing.. This type of malware encrypts a victim’s files, allowing the attacker to demand payment to restore access to important documents or photos stored on your device or network.

What’s the Difference Between Phishing and Spear Phishing?

Phishing is an attempt to obtain usernames, passwords, and credit card details by impersonating a trustworthy sender via email or other digital communication. This may include emails designed to look like they are from someone you know or links to fake websites that trick you into entering sensitive information.

Spear phishing, on the other hand, is highly targeted. These attacks are tailored to a specific individual and may reference personal details, such as a recent trip or a family member’s name, to appear more convincing.

How Many Different Types of Phishing Are There?

Unfortunately, the list continues to grow. Two common types to be aware of include:

• Vishing – The voice version of phishing. The caller may claim to be from a financial institution, law enforcement, or a government agency and attempt to obtain Social Insurance Numbers (SINs), account details, or other personal information under the guise of “verification.”
• Smishing – the text message (SMS) version of phishing. These messages often mimic automated alerts from banks, credit card companies, or digital payment services.

Next Steps: How to Protect Yourself

Cybercriminals are becoming increasingly sophisticated, but you can reduce your risk by putting the following protections in place:

• Be cautious about sharing personal information. Online quizzes or social media posts may seem harmless, but criminals can use this information to guess security questions, such as your first pet’s name or the street you grew up on.
• Use multi factor authentication (MFA). MFA requires two or more forms of verification to access devices, applications, or online accounts.
• Browse in “incognito” or private mode. This can help prevent local search history from being stored and to limit cookie tracking.
• Create strong, unique passwords. Use a mix of upper and lower case letters, numbers, and symbols. Aim for at least 16 characters and avoid personally identifiable information.
  Pro tip: Use a password manager to generate and securely store passwords.
• Use passphrases instead of passwords. Length matters—Longer credentials are exponentially harder for attackers to break using brute‑force or dictionary attacks. They’re also easier to remember. For example, a phrase like “MapleRiver!Cloud7Train” is easier to recall than a short, complex password.
• Use a virtual private network (VPN). A VPN encrypts your internet connection and helps protect your online activity.
• Back up your files regularly. Store backups on an external hard drive or a secure cloud service so you can recover your data in the event of an attack.
• Look for the “s” in “https.” The “s” stands for secure and should be present when entering banking or credit card information. While it doesn’t guarantee a site is safe, its absence is a significant red flag.
• If you suspect a vishing call, hang up. Contact the organization directly using a verified phone number — for example, the one listed on your bank’s official website.