Cyber security for union activists
As a union activist, you likely receive many emails related to your volunteer work, whether they are from other members or PSAC officials. This may make you a target of phishing attacks and other forms of cybercrime.
Here are 10 tips on how to identify a phishing email.
Tip 1: Don’t just trust the sender’s name
Many cybercriminals will use a sender’s name you’d recognize — usually a legitimate person, organization, or brand. This could look like someone pretending to be your region’s REVP or the Chair of a committee you are part of. Cybercriminals use this information to trick you into trusting them and engaging in fraudulent activities. Do not trust their name by default!
If you are not sure whether the request is real, reach out to the sender through another medium (for example, if you receive the request by email, call them).
Tip 2: Look but don’t click
On a computer, hover your mouse over any links embedded in the body of the email. If the link address looks off in any way (for example, the link does not match the legitimate organization’s website URL), do not click on it. If you want to test the link, open a new browser window and type in website address instead of clicking on the link in the unsolicited email.
Tip 3: Check for spelling or grammar mistakes, or urgent language
Phishing scams often have incorrect grammar or spelling, or they overuse punctuation such as exclamation marks. They may also be using urgent language and demanding you to take immediate action. Be suspicious if you notice these items in an unsolicited email!
Tip 4: Analyze the content of the message and the salutation
Is the email addressed to a vague, “Valued Customer?” or “PSAC member”? Is the email asking you to do something unusual, like purchase gift cards for an elected PSAC official? If anything seems off, it likely is.
Tip 5: Never share your password
PSAC will never ask you for sensitive information like your password or PIN. We will never ask you to share your banking information by email. Always be suspicious of unexpected emails asking you for these things or other personal information.
Tip 6: Do not respond to any emails about e-transfers or investments
PSAC will never ask you to send e-transfers or purchase gift cards as part of your union work. If you receive these types of requests, even if they seem to be coming from someone legitimate, do not proceed without confirming the request in-person.
Tip 7: Review the email signature
Lack of details about the sender may indicate a phishing attempt. Legitimate businesses, organizations, and individuals usually provide contact details in their emails.
Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords, or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the subject line
Fraudsters not only spoof known organizations in their display names, but they also spoof them in the subject line. You should also be suspicious of emails that have subject lines that seem unusual.
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, or seems to come from a valid email address (e.g. janedoe.psac.com @ gmail.com), this does not mean that it’s legitimate. Be skeptical when it comes to your email messages — if it looks even remotely suspicious, don’t open it.
Important: When in doubt, please do not hesitate to contact the local regional office team for member support. Do not forward a suspected phishing email. Instead, send a new email with details of the inquiry you have received.