Recent phishing attempts and how to avoid them

At WHC, ensuring the safety and success of our clients online is paramount. We're addressing a recent security issue that could potentially impact you.

What’s the issue?

We've been made aware of phishing attempts targeting our customers through emails masquerading as official communication from WHC. As an example, some clients have reported receiving "Auto Renewal Failure" notifications from email addresses claiming to be affiliated with us. These emails are not from WHC, and we urge you to exercise caution. These messages aim to trick individuals into providing sensitive information, such as login credentials, by redirecting them to a fake website that looks very similar to ours.

Identifying phishing emails

Phishing emails often create a sense of urgency or fear, prompting immediate action. The goal is to trick recipients into providing sensitive information or clicking on malicious links. Here are a few red flags to watch for:

• Suspicious links: Hover over any links in the email (without clicking!) to see if the URL directs you to our official website.
• Unfamiliar sender: The email comes from an address that doesn't match our official domain (whc.ca).
• Requests for personal information: We will never ask for your password or sensitive account information via email.
• Spelling and grammar mistakes: Spelling errors can be a sign of phishing. To ensure that you are not accessing a phishing site, you can directly type the URL into your browser. For example:
  whc.ca is LEGIT
  clients.whc.ca is LEGIT
  clients-whc.ca is FRAUD
  billing-whc.ca is FRAUD

Immediate steps to take

1. Enable Two-Factor Authentication (2FA): If you haven't already, we strongly encourage you to activate two-factor authentication on your account. This adds an extra layer of security, ensuring that you're the only person who can access your account, even if your password is compromised.
2. Verify website authenticity: Before logging into your account, please double-check that you are on our official website, whc.ca. Look for the secure lock icon next to the URL and verify that the address is correct. This simple step can greatly reduce the risk of falling victim to phishing attempts.

How we're responding

• Monitoring and response: Our security team is actively monitoring the situation to mitigate its impact and prevent its reoccurrence.
• Support and assistance: Our bilingual tech support team is available 24/7 in English and French via chat, phone, or tickets to assist with any concerns or questions you may have regarding this issue.

What to do if you’ve been duped

Discovering that you've responded to a phishing attempt can be unsettling, but taking prompt, decisive action can help mitigate potential damage. Here's what you need to do immediately:

• Change your passwords right away: Secure your accounts by updating your passwords. This includes your Client Area, email, WordPress logins, and any other services you use. Opt for strong, unique passwords that are not easily guessed.
  When resetting your passwords, always use the official password reset methods. Never click on any links received from an untrusted email.
• Enable Two-Factor Authentication (2FA): If you haven’t already, enabling 2FA on your accounts provides an additional security layer, making unauthorized access significantly more difficult.
• Check your account for malware or unknown content: Review your accounts for any unfamiliar activity or files that you did not upload. Phishing attacks sometimes involve uploading malware to compromised accounts. If you find anything suspicious, contact our support team immediately for assistance.

Take action

If you have received a suspicious email, please do not click on any links or provide any information. Instead, report it to our support team immediately. Additionally, we advise conducting a thorough review of your account for any unusual activity and updating your password regularly as a precaution.