All members of a campaign team should know how to identify malicious messages and how to handle them.
How to identify malicious messages
- Verify that you really know the sender and, if possible, that the tone of the message is consistent with the sender.
- Verify that the sender’s address is valid. Sometimes threat actors will use addresses that look legitimate, but are altered in very slight ways.
- Look for misspelled words in the body of the message. This is a trick used to bypass spam filters.
- Look for unusual phrasing in the message, which may suggest that the author isn’t legitimate.
- Look for an offer that is too good to be true.
- Pay attention to a request, which may include a threat, for sensitive information (e.g. personal or financial information).
- Ensure the content of the message is relevant to your campaign work if the message is sent to your campaign email address.
- Check that included links or attachments are relevant to the content of the message.
How to handle malicious messages
- Never click on links included in malicious or suspicious messages, even if they offer to remove you from a distribution list. If someone sends you a link (e.g a news release) browse to the page or search for it online instead.
- Never open attachments included in malicious messages. Malware often hides in attachments.
- If you must open an attachment, open it on a computer that is not connected to the campaign IT infrastructure.
- Do not reply to suspicious messages or spam messages. Doing so will only confirm that your address is valid, resulting in more spam.
- Do not provide any confidential information (e.g user name or password), even if the emails appear legitimate. If the email appears real, contact the sender another way (e.g. call them) to verify the request before providing information.
- Do not forward suspicious messages to other people. If you need to show it to someone, ask the person to view it on your screen or print it out.
- Delete spam messages or move them to a junk folder. If you’re unsure whether it’s spam or you don’t know what to do with the message, talk to your campaign team lead.
How to handle potentially criminal messages or cybercrime
The Royal Canadian Mounted Police (RCMP) generally interprets cybercrime to be any crime where the internet and information technologies (such as computers, tablets, personal digital assistants, or mobile devices), have a substantial role in the commission of a criminal offence. It includes technically-advanced crimes that exploit vulnerabilities found in digital technologies. It also includes more traditional crimes that take on new shapes in cyberspace. If you receive an offensive, abusive, or potentially criminal message, whether it seems to be spam, phishing or something else, or if you think criminals are asking you for confidential information, inform your local police and the RCMP. Save the message, as authorities may ask you to provide a copy to help with any subsequent investigations. Do not send the message to others.