How to Spot and Avoid Phishing Attempts
Phishing attempts are nothing new, but the tactics behind them continue to evolve.
Over the past year, we’ve seen an increase in fraudulent messages designed to look like legitimate communications from hosting providers, online services, and well-known brands. These messages often aim to create urgency, push users to click a link, and ultimately steal login credentials or sensitive information.
While specific phishing campaigns may come and go, the underlying threat remains. That’s why it’s important to understand how phishing works today and how to protect yourself.
Common signs of a phishing attempt
Phishing emails often aim to trigger urgency or fear to prompt immediate action. Some customers have reported receiving misleading domain verification notices from suspicious addresses claiming to be affiliated with us.
Examples include [email protected] or [email protected]. Even though our name appears in these email addresses, they’re fraudulent. WHC will only contact you using official addresses ending in “@whc.ca.”
To stay safe, be mindful of these warning signs:
- Suspicious links: Always hover over links (without clicking) to confirm the URL directs you to our official website. In the example above, we can see that the URL does not link to whc.ca.
- Unfamiliar sender: Emails not originating from our official domain (@whc.ca) are likely fraudulent.
- Requests for sensitive information: WHC will never ask for passwords or confidential details via email.
To confirm legitimacy, type the URL directly into your browser. Here are some examples:
✅ whc.ca – LEGIT
✅ clients.whc.ca – LEGIT
❌ clients-whc.ca – FRAUD
❌ billing-whc.ca – FRAUD
How phishing is evolving
Phishing attempts have become harder to spot, so it's important to keep your eyes peeled. Some common trends include:
- More convincing language, often written to sound professional and natural
- Brand impersonation, using copied logos, layouts, and familiar wording
- Targeted attacks, based on publicly available information
- Urgent or threatening messaging, designed to override caution
Even experienced users can be caught off guard when a message looks familiar or appears to come from a trusted source.
What you can do right now
- Enable Two-Factor Authentication (2FA): If you haven’t already, activate 2FA for enhanced protection. This security measure ensures that only you can access your account, even if your password is compromised.
- Verify website authenticity: Always confirm you are on our official website, whc.ca, before logging in. Check for the secure lock icon beside the URL and ensure the address is accurate.
- Be aware of fake SSL certificates: Although attackers may use SSL-secured sites, you can review the website’s certificate to ensure it’s valid. Click the padlock icon and verify our name is displayed under the organization field.
What to do if you've been targeted
If you suspect you've fallen victim to a phishing attempt, don’t panic. Acting quickly can help limit potential damage:
- Change your passwords: Update passwords for your Client Area, email, WordPress logins, and any other services you use. Always opt for strong, unique passwords and use official password reset methods.
When resetting your passwords, always use official password reset methods. Never click on any links received from an untrusted email. - Enable 2FA: As mentioned above, adding two-factor authentication to your accounts will make unauthorized access significantly harder.
- Check for suspicious activity: Review your accounts for any unfamiliar actions or files. Phishing attacks can sometimes involve malware uploads. If you detect anything unusual, contact our support team immediately.
- Report fraud: If you believe your site or organization has been targeted, use the Canadian Competition Bureau reporting guide to file a formal report.
Stay protected
If you receive a suspicious email, do not click on any links or provide any information. Instead, report it to our support team right away and mark it as spam. We also recommend conducting regular reviews of your accounts and updating your passwords periodically as an added precaution.
By staying informed, skeptical of unexpected messages, and proactive about account security, you can significantly reduce your risk. Phishing tactics will continue to change, but awareness remains your strongest defense.
About the author: Daniel Bedard
As WHC’s Content Writer, Dan spends much of his time click-clacking on his keyboard. Outside of work, he performs music and comedy, often pondering the crushing weight of existence.
See all articles from this author Interested in writing for Web Hosting Canada?
Comments
Leave a Reply Laisser un commentaire
Leave a Reply Laisser un commentaire
Also on the WHC Blog
5 Urgent WordPress Vulnerabilities to Patch (Winter 2026)
WordPress still powers a huge chunk of the internet in 2026, which is exactly why attackers keep targeting it. More often than not, the biggest vulnerabilities lie in plugins, opening the door to admin takeovers, malicious...
Read full article
Cheer for Canada, on Every Front
Canada shows up when it matters. When Team Canada hits the ice, we rally. We gather in rinks, pubs, and living rooms. We lean forward, cheer loud, and wear our pride on our sleeves. That pride doesn’t disappear when...
Read full article
Can I forward an email that looks suspicious?
Yes, absolutely! You can always forward any suspicious-looking emails to [email protected] and our team will take a look for you. 👍
I recently programmed my own phishing server for security some clients. I know you can buy the service and have it done for you, I might actually recommend this to anybody that is not a highly skilled programmer and is willing to spend hours learning how email functions in the modern environment where AI giants ate at the gates of the monopoly providers with the power to blacklist you from existence.
Mainly the reason that I did it myself was, Initially I didn’t realize the difficulty, once I began digging I realized the immense complexity, and as I began approaching a solution I learned a lot about what is effective and what is not and why – and how this will evolve in the short to medium term
Essentially the industry is dominated by monopolies which are the gatekeepers to all of your email especially when it comes to business email. All large enterprises and organizations now are utilizing GWS or Outlook (Azure). There are of course nuance differences between the two However the details are highly technical and unimportant when compared to what makes phishing effective and how to counteract by training and educating .
As listed in this article the main features that make fishing effective as a means of attack and exploitation are targeting humans and proclivities to behave in certain ways praying on their lack of sophisticated knowledge of the evolving technical landscape.
Designing a template that appears real as you might expect is trivial. once one fully understands the process of how email is sent and filtered and the various security measures that are in place, these can also be circumvented. What remains is now, and be for the foreseeable future, where the risk truly lies which is in the human factor.
praying ON human nature by giving tight deadlines or making assertions of emergency conditions Anything to manipulate a person is highly effective. from my experience this presents a challenge in that, if one wants to train employees they must exploit these exact areas, while at the same time realizing that no employee likes to feel like they have been tricked and they have been targeted With a specific focus their vulnerability.
I could write a full essay on this subject but I don’t want to bore anyone here. Did however think it was worthwhile leaving a comment here telling people that this is not going to go away and it is very difficult to combat because training is resisted by management resented by staff and the only way that we can improve this situation is to have an educated workforce which requires…Training!
**reporting emails and fraud helps, however, having talked to a very senior member of the federal government that runs our anti fraud effort, The problem is an iceberg What they can see is the tip of the iceberg what they can investigate are a few chunks ON the iceberg and what they can recover from attackers in Russia and China is so small I can’t make an appropriate iceberg analogy 🙂