It is important to understand and protect yourself from social engineering scams. Here’s how you can identify, handle and report fraud attempts of this nature.
Email Scams & Website Pop-ups (a.k.a Phishing)
Phishing is when a scammer sends emails or website pop-up windows pretending to be from a reputable company or organization in order to trick people into sharing personal information, such as passwords and credit card numbers.
What should I do if I’ve received a suspicious email from Wightman?
Do NOT respond to the email, open any attachments, or click on any links. Instead, you should forward the email to [email protected] or report it to us by phone at 1.888.477.2177
If you’ve already responded to a request for a Wightman username or password, we highly recommend that you change those items immediately. We can assist you with this, if you need help. Call our Technical Support Team at 1.888.477.2177
What should I do if I’ve received a suspicious email from another company?
Do NOT respond to the email, open any attachments, or click on any links. Instead, report it to the Canadian Anti-Fraud Centre:
• Online: https://www.antifraudcentre-centreantifraude.ca/reportincident-signalerincident/index-eng.htm
• By Phone: 1.888.495.8501
If you want to learn more about known scams and scammer tactics take a look at The Canadian Anti-Fraud Centre website. Knowing what to look for is the best way to protect yourself.
Phone Scams (a.k.a.Vishing)
Vishing (short for “voice phishing”) is when a scammer calls or leaves voice messages pretending to be from a reputable company or organization in order to trick people into sharing personal information such as bank details or credit card numbers. “Vishers” may also ask for other forms of payment, such as gift cards to popular retailers.
Often the caller will offer you fake rate plans, lofty incentives, or “free money” if you take their survey or “confirm” your account by providing information like PINs, passwords, or account numbers. On the other hand, they may also threaten to foreclose your mortgage, repossess your car, or arrest you for tax evasion if you don’t give them what they want. In recent years, many have lost thousands of dollars by responding to fraudulent calls claiming to be from Canada Revenue.
Revenue Canada provides helpful tips on knowing if a phone call is from a legitimate Revenue Canada employee, which you can find here: https://www.canada.ca/en/revenue-agency/news/newsroom/tax-tips/tax-tips-2022/not-sure-cra-calling-here-how-to-find-out.html
What should I do if I’ve received a suspicious phone call from Wightman?
Do NOT provide personal information to any unsolicited caller. If possible, record the phone number that appeared on your Call Display, and then contact us at 1.888.477.2177 to report the incident. We will be able to tell you if the call was legitimate.
If you’ve already responded to a request for a Wightman username or password, we highly recommend that you change those items immediately. Again, we can assist you with this, if you need help. Call Wightman’s Technical Support Team at 1.888.477.2177 – we are available 24 hours per day.
What should I do if I’ve received a suspicious call from another company?
Do NOT provide personal information to any unsolicited caller. Instead, report it to the Canadian Anti-Fraud Centre:
• Report Online: https://www.antifraudcentre-centreantifraude.ca/reportincident-signalerincident/index-eng.htm
• Report by Phone: 1.888.495.8501
If you want to learn more about known scams and scammer tactics take a look at The Canadian Anti-Fraud Centre website. Knowing what to look for is the best way to protect yourself.
Learn more about responding to fraud
For more information about protecting yourself against fraud, check out the following sites:
• Identity Theft and Identity Fraud Victim Assistance Guide: https://www.rcmp-grc.gc.ca/scams-fraudes/victims-guide-victimes-eng.htm
• Email Fraud/Phishing Information: https://www.rcmp-grc.gc.ca/scams-fraudes/phishing-eng.htm
• The Canadian Anti-Fraud Centre: https://www.antifraudcentre-centreantifraude.ca/index-eng.htm
Wightman is implementing Universal Network-Level Call Block (UNCB).
UNCB will help to protect you against certain types of unsolicited calls by blocking calls when Call Display information is clearly inaccurate.
What type of calls are blocked?
- Calls with unassigned North American area codes (for example, 000-000-0000, 111-111-1111, 123-456-7890, etc).
- North American calls that have less than 10 digits (for example, 0000, 1234, 12345, etc). Note that this does not include 310- calls.
- North American calls that have more than 10 digits (for example, 519-555-6541-9876). Note: This does not include long distance calls that begin with the number 1 (for example, 1-905-837-1111 or 1-800-595-1234, etc).
- Calls originating from international countries containing more than 15 digits (for example, 11-123-222-222-111-111, etc).
These phone numbers often include various types of spam, unsolicited, unwanted phone calls, such as fake marketing (e.g. free security system offers), and they usually originate from telemarketers who are not registered with the National Do Not Call List (NDNCL).
These numbers can appear as a string of numbers, a random number, or the number of a person, company, or even a government entity. Telemarkers making sales calls to customers in Canada have an obligation to accurately identify themselves. Those using technology to purposefully change their Call Display with inaccurate, fake, or misleading information violate this requirement.
Universal Network-Level Call Block (UNCB) should help reduce the number of unsolicited calls that you receive, although it will not block all unsolicited calls.
Wightman implemented the Universal Network-Level Call Block (UNCB) Fall 2019. You can read more about the CRTC policy on Network-Level Call Blocking here.
Phone Fraud also known as “Telecommunications Fraud” or “Toll Fraud” occurs whenever an unauthorized user gains access to and/or places fraudulent charges to your telephone system. It can take many forms from unwanted collect calls to voicemail hacking. Whatever method a fraudster may use, your business’s best defence is knowledge.
Monitor Remote Access and Administration
Remote Access allows an inbound caller to access your business’s phone system and make outbound calls through it by using an access code. This is one of the most common modes of illegal entry into a phone system. To limit the risk to your business, use passwords and authorization codes to access these features. If your business does not use these features, contact your system administrator or provider to ensure that these features are turned off.
Use Strong Passwords and Authorization Codes
Your phone system’s security is only as strong as the passwords used to access it. Follow these tips to make sure your passwords and authorization codes are not easily guessed:
- NEVER USE DEFAULT PASSWORDS
- Use the pound sign (#) and asterisk (*) in your password if your system allows it.
- Use passwords that are at least 7 characters long. For maximum protection, you should use the maximum number of characters that your system allows.
- Do not use predictable patterns such as repeating characters (55555) or ascending or descending characters (54321).
- Do not use your extension number (or it’s reverse), your office number, or any other information that identifies a system owner or user (such as an employee number or social insurance number).
- Do not write down your password or store it on your hard drive or network. If a record is kept, it should stored in a secure location.
Frequently Change Passwords and Authorization Codes
It is a good idea to change your passwords and authorization codes at least four times a year. It’s also recommended that you change access/authorization codes whenever an employee (such as a network technician) leaves the company.
Control Long Distance Calling
- Prohibit or restrict calls to countries you do not do business with
- Prohibit or restrict calls to the Caribbean, a favourite call destination for fraudsters
- Restrict the ability to make international calls to only those employees who need to
- Restrict the time of day that calls can be made, such as at night or on weekends
- Restrict toll-free access from areas known a phone fraud centres.
Restrict Automated Attendant Access
Automated attendants are another common entry point for unauthorized third parties. When the automated attendant “picks up,” fraudsters can dial 91XX or 9011. On many phone systems (if the
dial-out feature is active), this extension connects the caller to an outside long distance line. The best defence is to block 9XXX or 8XXX access codes and/or require an additional authorization code.
Monitor Your System
Closely monitoring your phone system will help you to catch suspicious activity early. Watch for unusual patterns or usage spikes in your PBX, voicemail, automated attendant, and toll-free systems. These may be indicators that someone is attempting to gain access to your phone system.
Please take the precautions listed above. Ultimately, any unauthorized calls made to or from your phone system equipment — whether by someone in your company or by a third party — are your responsibility. It is essential that you take steps to protect your business from phone fraud.