Defence CIO Message: Phishing Attacks on the Rise

November 10, 2022 - Defence Stories

Defence Team,

As Defence Chief Information Officer (Defence CIO) and Assistant Deputy Minister (Information Management), it is my role to advise the Defence Team of potential cyber security concerns. Recently, there has been a rise in phishing campaigns from malicious actors.

Alongside the Communications Security Establishment (CSE) and its Cyber Centre, I encourage all Defence Team members to be mindful of any suspicious emails, particularly from unknown or untrusted sources. This may include emails that ask for log-in information or seek to redirect you to external websites.

Don’t take the bait! If you encounter a suspicious link, email, or website, please report it to your unit Information System Security Officer (ISSO) as well as to Phishing-Hameconnage@forces.gc.ca for review.

As October was Cyber Month (formerly known as Cyber Security Awareness Month), which recently closed out, you can find tips and advice in this wrap-up article.

Here are different types of phishing attempts you may encounter

• Phishing occurs when a scammer calls you, texts or emails you, or uses social media to trick you into clicking a malicious link, downloading malware, or sharing sensitive information. Phishing attempts are often generic mass messages, but the message appears to be legitimate and from a trusted source, such as from a bank or company you do business with.
• Spear phishing targets you specifically. The message may include personal details about you, such as your interests, recent online activities, or purchases.
• Whaling is another kind of personalized attempt that targets a big “phish” such as a CEO, executive or user with a higher level of authority and access to more sensitive information.

How to spot phishing

• You don’t recognize the sender’s name, email address, or phone number
• You notice a lot of spelling and grammar errors
• The sender requests your personal or confidential information
• The sender makes an urgent request with a deadline
• The offer sounds too good to be true

Watch out for attachments, hidden links, spoofed websites, log-in pages and “urgent” requests.

If an email or attachment seems strange, don’t open it or respond to it.

Thank you for your immediate attention to this matter.

Len Bastien
Assistant Deputy Minister (Information Management) and Defence Chief Information Officer