Phishing scam: NRCan simulation could deter donations, United Way says

One of Ottawa’s largest charities is raising concerns about a government agency using its logo in an email posing as a phishing scam, saying it could potentially affect future donations.

Demand from United Way, which raises money for many charities in the area, is at an all-time high. One of the most important fundraisers is the Canadian government’s Workplace Charitable Campaign.

But last week, Natural Resources Canada raised eyebrows with an email disguised as a request for charity donations. The fake email, designed to train employees to recognize phishing scams, used the United Way logo.

“Unfortunately, they’re using the Canadian government’s charitable workplace campaign as the email template,” said Mark Taylor, United Way East Ontario’s vice president of resource development. “The effect is that when you got that you thought you were getting it from the charity campaign supporting United Way.”

“We’ve seen Natural Resources employees go to the blogs on the internet and say, ‘You know, that probably just means I won’t click on anything that comes from the workplace charity campaign,'” Taylor added. “And that’s a shame.”

In a statement, Natural Resources Canada said it conducts internal phishing simulations to increase employee awareness of the dangers of phishing scams.

“Realistic emails are sent with an embedded link,” the statement said. “If the employee reports the message without clicking the link, they will receive an email congratulating them on their vigilance.

“Should they click the link, they will be directed to an internal website that reminds them of the risks of phishing emails and urges them to be cyber-aware.”

According to NRCan, phishing attacks are becoming more sophisticated and use real-world scenarios to fool employees.

“To be successful in raising awareness of phishing, NRCan uses scenarios that can be related to their day-to-day work.”

The December phishing simulation used the GCWCC as a background scenario and was only sent to NRC staff, the statement said. This year’s GCWCC ended on November 30th.

Taylor says United Way and NRCan have been in talks and he is confident they want to help the charity recover and continue to build on the important long-standing partnership.

“Basically, it was probably just a misguided effort,” he said. “They are good partners and we count on them to support us and to help us do whatever we can to help each other through recovery, all for the benefit of the people in our community who need that help more now.” ever need.”

Taylor said demand for United Way’s resources has hit an all-time high this year. This year alone, GCWCC has raised more than $2.5 million. NRCan employees donated more than $540,000 across Canada.

“We’re in a really challenging economic climate,” Taylor said. “People who may not have been vulnerable before are now vulnerable and therefore the need has never been greater. It has exceeded the responsiveness of social authorities and that is why we are counting on people to stand up and help.”

Learn to spot phishing scams

Carmi Levy, a technology analyst based in London, Ontario, says phishing scams, in which criminals attempt to obtain information or money through links embedded in emails, can increase during the holiday season, when more charities solicit donations, but the problem is widespread throughout the year.

“It’s considered best practice for organizations to send test messages to their employees to test their responses to an otherwise genuine phishing attack,” Levy said. “Even if they click the wrong link, it doesn’t result in a ransomware attack on the company. This is what companies need to do to train their employees better, and this is one of the most important ways to do just that. “

Levy offers some tips to potentially avoid a phishing scam. The first: avoid opening links on touchscreen devices.

“Wait until you get to your laptop or desktop computer when you can mouse over the links,” he says. “The actual addresses are shown and you can verify that they look legitimate. In many cases, the addresses differ only slightly. This is usually your clue that they are not from a legitimate source.”

Levy says phishing scams can also be done via text messages over social media. If in doubt, do not reply to the email.

“If there is an organization that you hear from and are interested in making a donation, perhaps if in doubt, reach out to them directly, separate and separate from the message you received to make sure you not get stung. “