This is a Phishing Exercise

Fear not – nothing has happened to your device and no action is required.

Phishing Survey

 

The BC Public Service wants to help you and your colleagues be prepared should a real phish arrive. Help us by providing feedback and comments.

If you would like to reach out to us directly, email OCIOSecurity@gov.bc.ca  

Learn more about the BC Public Service Phishing and Education program below.

Nobody likes getting phished, whether it’s for real, or as part of a training exercise like this – but it can happen to anyone, which is why it’s important to be prepared. 

Learn more about spotting phishing emails below.   

How could you have identified this phishing email?

Phishing email clues

1. The sender email address is suspicious.
   • executive@emoneysender.com does not seem to be affiliated with BC Government. 
2. The email is coming from an external source.
   • Be wary of emails that from external sources.
3. The email greeting is vague and does not address anyone specifically.
   • Phishing emails will often use generic greetings such as, "Hello" or "Dear Valued Customer."
4. Verbiage in the email creates a sense of urgency.
   • Phishing emails often create a sense of urgency or fear to provoke strong emotions that affect decision making.
5.  Hovering over both the links reveals that they lead to the same suspicious URL.
   • Although email filtering systems do a good job of blocking a lot of malicious emails and links, some can still get through. If you see that the link redirects you to an odd URL do not click on the link.
   • Scammers will also use URL shorteners such as Bitly or TinyURL to mask the malicious site they are redirecting to.

Why is there a phone number in this phishing e-mail?

A telephone oriented attack delivery (TOAD) attack is a type of phish where attackers attempt to lead victims into a phone call where they use verbal social engineering tactics to compromise the victim into sharing sensitive information.

While the phone number seems to be legitimate and possibly associated with the BC government, it's crucial to remain cautious as it could be an instance of phone number spoofing.

Why did it look like it was coming from an executive?

Some government employees received phishing emails, texts, or phone calls appearing to come from BC Public Service executives. After a brief contact, such as “are you able to help me?”, the scammer directs employees to purchase gift cards.

Why is the BC Public Service sending out these emails?  

• Phishing attacks have become more sophisticated over time. Despite best efforts of digital security, some of these phishes still land in employee inboxes.   
• Fortunately, evidence shows that exposure to practice phishing emails can help people to protect themselves and others from losses when faced with real phishing attacks by increasing awareness of the techniques that cyber criminals use. 
• For more information, review the initial communication or the subsequent follow-up that were sent to provide an overview of the phishing awareness program

What do I need to do?  

• Falling for a phishing attack can happen to anyone. Nothing has happened to your device and you cannot be identified. You are not required to contact anyone or to report this to your supervisor or OCIO Security.  

How can I be better prepared in the future?  

• The BC Public Service wants to raise the cyber-security bar across B.C. You can help!