You have just clicked on a link in a phishing simulation. Had this not been a simulation, it is very likely that you just exposed sensitive personal, and organizational information to a cyber-criminal. It is vitally important in today’s connected world to develop the “street smarts” required to simultaneously protect your personal identities both at work and at home. Don’t let yourself be the next victim of phishing.

---

Just remember HALT! The HALT technique is designed to teach you the skills you need to recognize phishing emails in 4 simple steps:

Hover your mouse over the email address and the link (without clicking!) to locate the domains.

Analyze the domain (ignoring the subdomain if there is one) in the email address and in the link. It should reference a valid organization and be consistent with the message.

Look for subtle changes to the domain. Scammers often use sneaky look-alike domains.

Test the validity of the email by looking up the sender and calling them to confirm before clicking (be sure to look up the real phone number - not the one in the email!).

Key Clues to identify phishing scam emails

• The sender's email domain is not a valid departmental address.
• The message was not bilingual.
• The greeting was generic.
• There were spelling and grammatical errors in the text.
• Hovering over the link (without clicking) reveals a different URL.
• There was no contact information provided.

Your participation in this learning exercise will assist us in making improvements to our overall Security Awareness Program.

For more information, please visit www.getcybersafe.gc.ca and our FAQ Page.

Be on the lookout! You will be sent additional phishing simulations in the future as part of the Security Awareness Program.