This is a Phishing Exercise - TI Corp

Last updated on April 1, 2025

Phish Happens logo

Fear not – nothing has happened to your device and no action is required.

Nobody likes getting phished, whether it’s for real, or as part of a training exercise like this – but it can happen to anyone, which is why it’s important to be prepared. 

Transportation Investment Corporation wants to help you and your colleagues be prepared should a real phish arrive. Help us by providing feedback and comments and reach out to us directly at security@ticorp.ca.

Learn more about spotting phishing emails below. 

How could you have identified this phishing email?

An explanation of the clues that were present in the latest phishing exercise administered by CDTPhishing email clues

  1. The sender email address is suspicious.
    • executive@emoneysender.com does not seem to be affiliated with Transportation Investment Corporation. 
  2. The email is coming from an external source.
    • Be wary of emails that from external sources.
  3. The email greeting is vague and does not address anyone specifically.
    • Phishing emails will often use generic greetings such as, "Hello" or "Dear Valued Customer."
  4. Verbiage in the email creates a sense of urgency.
    • Phishing emails often create a sense of urgency or fear to provoke strong emotions that affect decision making.
  5.  Hovering over both the links reveals that they lead to the same suspicious URL.
    • Although email filtering systems do a good job of blocking a lot of malicious emails and links, some can still get through. If you see that the link redirects you to an odd URL do not click on the link.
    • Scammers will also use URL shorteners such as Bitly or TinyURL to mask the malicious site they are redirecting to.

Why is there a phone number in this phishing e-mail?

A telephone oriented attack delivery (TOAD) attack is a type of phish where attackers attempt to lead victims into a phone call where they use verbal social engineering tactics to compromise the victim into sharing sensitive information.

Why did it look like it was coming from an executive?

Some employees received phishing emails, texts, or phone calls appearing to come from executives. After a brief contact, such as “are you able to help me?”, the scammer directs employees to purchase gift cards.

Why is the Transportation Investment Corporation sending out these emails?  

  • Phishing attacks have become more sophisticated over time. Despite best efforts of digital security, some of these phishes still land in employee inboxes. In fact, some are even targeted phishes, like this one.
  • Fortunately, evidence shows that exposure to practice phishing emails can help people to protect themselves and others from losses when faced with real phishing attacks by increasing awareness of the techniques that cyber criminals use. 
  • For more information, review the initial communication that was sent to provide an overview of the phishing awareness program

What do I need to do?  

  • Falling for a phishing attack can happen to anyone. Nothing has happened to your device and you cannot be identified. You are not required to contact anyone or to report this to your supervisor or TI Corp IT.  
  • If you have a concern about an email you have received and you cannot verify the sender, please use the Report Message/Report button in Outlook

 

5 Ways to Spot a Phishing Email

 

What Can I Do?

Help us by providing feedback and comments.

If you would like to reach out to us directly, email security@ticorp.ca

Together, we can raise the cyber-security bar in BC.

Contact information

If you have any questions or concerns, please contact us at security@ticorp.ca.