New Wave of Phishing Attempts

At WHC, protecting our clients’ online safety and success is a top priority. We're currently addressing a security concern that may affect you.

We’d also like to thank our customers for swiftly bringing this to our attention. When we work together, we move fast.

What’s happening?

We've identified a new wave of phishing attempts where fraudulent emails are being sent to our customers, falsely appearing as official WHC communications. Some customers have reported receiving misleading domain verification notices from suspicious addresses claiming to be affiliated with us. These emails are not from WHC. Their goal is to deceive users into providing sensitive information, like login credentials, by redirecting them to a fake website designed to closely resemble ours.

How to spot phishing emails

Phishing emails often aim to trigger urgency or fear to prompt immediate action. To stay safe, be mindful of these warning signs:

• Suspicious links: Always hover over links (without clicking) to confirm the URL directs you to our official website. In the example above, we can see that the URL does not link to whc.ca.
• Unfamiliar sender: Emails not originating from our official domain (@whc.ca) are likely fraudulent.
• Requests for sensitive information: WHC will never ask for passwords or confidential details via email.
• Spelling and grammar errors: Poorly written messages can be a red flag.

To confirm legitimacy, type the URL directly into your browser. Here are some examples:

✅ whc.ca – LEGIT
✅ clients.whc.ca – LEGIT
❌ clients-whc.ca – FRAUD
❌ billing-whc.ca – FRAUD

Recently, some users have reported emails from [email protected] or [email protected]. Even though our name appears in these email addresses, they’re fraudulent. WHC will only contact you using official addresses ending in “@whc.ca.”

What You Can Do Right Now

• Enable Two-Factor Authentication (2FA): If you haven’t already, activate 2FA for enhanced protection. This security measure ensures that only you can access your account, even if your password is compromised.
• Verify website authenticity: Always confirm you are on our official website, whc.ca, before logging in. Check for the secure lock icon beside the URL and ensure the address is accurate.
• Be aware of fake SSL certificates: Although attackers may use SSL-secured sites, you can review the website’s certificate to ensure it’s valid. Click the padlock icon and verify our name is displayed under the organization field.

How we’re responding

• Active monitoring: Our security team is continuously monitoring this situation to minimize risks and prevent further incidents.
• 24/7 support: Our bilingual support team is available around the clock, in English and French, via chat, phone, or tickets to assist you with any concerns or questions.

What to do if you've been targeted

If you suspect you've fallen victim to a phishing attempt, don’t panic. Acting quickly can help limit potential damage:

1. Change your passwords: Update passwords for your Client Area, email, WordPress logins, and any other services you use. Always opt for strong, unique passwords and use official password reset methods.
   When resetting your passwords, always use official password reset methods. Never click on any links received from an untrusted email.
2. Enable 2FA: Adding two-factor authentication to your accounts will make unauthorized access significantly harder.
3. Check for suspicious activity: Review your accounts for any unfamiliar actions or files. Phishing attacks can sometimes involve malware uploads. If you detect anything unusual, contact our support team immediately.

Stay Protected

If you receive a suspicious email, do not click on any links or provide any information. Instead, report it to our support team right away and mark it as spam. We also recommend conducting regular reviews of your accounts and updating your passwords periodically as an added precaution.