What is phishing and how do I avoid it?

Phishing is when scammers pretend to be a trusted organisation — your bank, Canada Post, the CRA, or a popular store — and send you a fake email, text, or message asking you to click a link and enter your login details. The word 'phishing' rhymes with 'fishing' — they are casting a net hoping someone will bite. The fake website looks almost identical to the real one, but anything you type goes directly to the criminals. The most reliable way to avoid phishing is simple: never click a link in an email to log in to an account. Instead, close the email and type the website address yourself in your browser.

What to do

  1. Recognise the pattern: an urgent email saying your account has a problem, with a link to 'fix' it.
  2. Do not click the link — even if the email looks real.
  3. Open your browser and type the website address yourself (e.g., scotiabank.com).
  4. Check the real sender address: scammers use lookalike addresses such as 'service@scotiabank-secure.net', which is not the bank's own scotiabank.com.
  5. When in doubt, call the organisation directly using the number on your card or from their official website.
  6. Report phishing emails using the 'Report Junk' button in Apple Mail.

The 3-Second Rule

Never log in to any account by clicking a link in an email. Always type the address yourself. This one habit stops most phishing.

Important Warning

Phishing messages now look almost identical to real ones. Even tech-savvy people get fooled. The safe habit is the same regardless: type the address yourself.

Learn More

Go deeper with our full lesson: Module 5: Email & Messages.