What is a phishing email?
If you receive an email claiming to be from a representative of an organization that asks for a payment or fee for participation in an event or service, it may be a phishing attempt.
These emails are not legitimate if they did not come from the organization’s official domain and did not pass through their servers.
How can I tell if the email wasn’t legitimate?
-
Sender address
• The message may come from a personal email account (e.g., Gmail, AOL), not the organization’s official domain.
• All official communication from the organization will come from its verified domain.
-
Email routing
• The email may not pass through the organization’s servers.
• It could originate from an unrelated mail provider, meaning it is completely outside the organization’s control.
-
Red flags
• Requests for payment or personal information via email.
• Sense of urgency (“act now” or “limited spots”).
• Informal language or errors inconsistent with professional communications.
• Links or attachments directing you away from the organization’s official website.
Will changing spam filters or email settings help?
No.
Even if you adjust spam scoring or filtering rules on your email system, it won’t block these types of messages, because they did not originate from the organization’s servers.
Phishing messages are sent from external sources pretending to be legitimate.
The best defense is awareness and verification, not server-side filtering.
Why do people send these emails?
Cybercriminals send phishing emails to:
-
Steal money through fake fees or deposits.
-
Collect personal or financial information.
-
Gain access to accounts or systems.
They often impersonate well-known organizations to make their messages look credible.
How can I avoid phishing scams?
-
Check the sender’s domain — legitimate organizational emails will always come from the official domain.
-
Don’t send money or credentials in response to unsolicited emails.
-
Hover over links before clicking to confirm the website’s address.
-
If something feels off, contact the organization directly using verified contact details.
Where can I report phishing emails in Canada?
You can report phishing and scam emails to:
-
Canadian Anti-Fraud Centre: phishing-report@antifraudcentre.ca
-
Online reporting: https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm
-
For theft or loss of personal information, contact local police or the RCMP: https://www.rcmp-grc.gc.ca/en/cybercrime
Helpful Videos
Here are a few short, trusted tutorials that explain phishing and how to spot it:
-
Phishing Explained in 5 Minutes – Recognize, Avoid, Report (Heimdal)
-
How to Spot a Phishing Email – CISA – Recognize and Report Phishing
(Note: These videos include some U.S. examples, but the same principles apply. For reporting in Canada, use the contacts above.)
