You received a suspicious email or SMS from your "bank", "Canada Post" or the "government"? You clicked on a link and entered your personal information? You may be a victim of phishing, one of the most common scams in Quebec.
What is Phishing?
Phishing is a technique where fraudsters impersonate a legitimate organization (bank, government, well-known company) to extract personal information from you: passwords, credit card numbers, SIN, etc.
Most Common Forms
- Email phishing — Fake email from your bank, Netflix, Amazon, etc.
- Smishing (SMS) — Fraudulent text from "Canada Post", "Revenu Quebec", etc.
- Vishing (phone) — Call from a fake bank agent or government official
- Spear phishing — Targeted attack using your personal information to appear credible
Examples of Common Fraudulent Messages in Quebec
"Desjardins: Suspicious activity detected on your account. Click here to verify: [fraudulent link]"
"Canada Post: Your package is waiting. Pay $2.99 delivery fee: [fraudulent link]"
"CRA: You are entitled to a refund of $847. Claim it now: [fraudulent link]"
"Netflix: Your payment failed. Update your information to avoid suspension: [fraudulent link]"
"Hydro-Quebec: Final notice before disconnection. Pay your bill immediately: [fraudulent link]"
How to Recognize a Phishing Message?
- Artificial urgency — "Act now", "Final notice", "Account suspended"
- Suspicious sender address — service@desjardins-security.com instead of @desjardins.com
- Link doesn't match — Hover over the link: the real URL is different from the displayed text
- Spelling mistakes — Real messages from companies are usually well written
- Request for sensitive information — Password, SIN, full card number
- Generic greeting — "Dear customer" instead of your name
Golden Rule
Your bank, the government, or any legitimate company will NEVER ask for your password or complete banking information by email, SMS, or phone. When in doubt, hang up and call the organization's official number.
What to Do If You Clicked on a Phishing Link?
If you only clicked (without entering information):
- Close the page immediately
- Clear your browser cache
- Run an antivirus scan on your device
- Monitor your accounts in the following days
If you entered information:
- Change your passwords immediately — Start with the affected account, then all accounts where you use the same password
- Call your bank if you gave banking information
- Place a fraud alert on your credit file (Equifax, TransUnion)
- Monitor your statements to detect any suspicious transaction
Official Steps
- Report to the Canadian Anti-Fraud Centre — 1-888-495-8501
- Forward the fraudulent email to spam@fightspam.gc.ca
- Report to the impersonated organization — Banks have addresses to report phishing
- File a police report if you suffered financial losses
Where to Report Fraudulent Emails?
- Desjardins: hameconnage@desjardins.com
- National Bank: hameconnage@bnc.ca
- RBC: phishing@rbc.com
- TD: emailfraud@td.com
- Government of Canada: spam@fightspam.gc.ca
How to Protect Yourself in the Future
- Enable two-factor authentication on all your important accounts
- Use unique passwords for each account (password manager recommended)
- Never click on links in emails — Go directly to the official website
- Verify the URL before entering sensitive information
- Keep your software updated — Browser, operating system, antivirus
- Be wary of urgency — Real organizations give you time to think
How Report Quebec Can Help You
Our support:
- Incident documentation for your procedures
- Message verification — We can confirm if it's a known phishing
- Personalized guide based on the information you shared
- Resource guidance — Bank, credit, police depending on your situation
Victim of Phishing?
Report the incident to protect yourself and help identify active phishing campaigns.
File a Report