AHS & Phishing Scams


Text Message Scam Alert

November 23, 2022: AHS is receiving reports of a scam in which text messages, that appear to be from AHS, promise Albertans money for getting a COVID-19 vaccine and ask for credit card information. AHS will never ask you to provide your credit card or SIN # via email, text or over the phone. Please report this to the Canadian Anti-Fraud Centre.

What is Phishing?

Phishing email messages, text messages, websites, and phone calls are designed to steal money and/or information. Cybercriminals can do this by tricking you into clicking malicious links, providing instructions to download malicious files or confirm personal information like usernames and passwords.

Phishing Scams

Large organizations are frequent targets of phishing scams, and Alberta Health Services is no different. AHS has been the target of several malicious phishing scams directed at staff and also the public.

Such incidents have become almost commonplace. Some have been sent to randomly generated staff members across all departments of AHS; others have been targeted specifically at certain areas of the organization, such as payroll. Recently the public has been targeted using Alberta Health Services name.

These incidents highlight the importance of all of us remaining extremely vigilant when it comes to how we use our email accounts and phones, and in particular, what we do with suspicious messages.

Hackers are becoming more and more sophisticated at designing phishing scams that appear to be legitimate, but are in fact fraudulent attempts at gathering personal information or infecting a computer network with a virus.

AHS takes its responsibility as the keepers of personal healthcare information extremely seriously, and does everything it can to ensure that information is secure and protected.

AHS also has many security measures in place, to protect its systems from criminals. These measures are constantly evolving to counter outside threats that are also constantly changing and adapting.

But we also need to rely on our staff and the public to be diligent and aware of possible scams.

How to Protect Yourself

The phishing emails, or texts, may look extremely authentic – they are designed that way so that you will act, either by providing personal details, or by clicking on a link that then allows the hacker access to your account.

Here are some tips on what to look out for in phishing scams. Think before you click, and keep an eye out for emails or texts that:

  • Come from a source you are not familiar with. DO NOT click on a link if you don’t recognize the sender.
  • Start with generic greetings. Phishing scams are usually sent in large batches. To save time, internet criminals use generic names like “First Generic Bank Customer” so they don't have to type all recipients' names out and send out one-by-one. If you don't see your name, be suspicious.
    • Be particularly cautious of greetings like:
      • Dear User.
      • Dear Sir/Madam.
      • No greeting.
  • Ask for personal information. The point of sending a phishing scam is to trick you into providing your personal information. If you receive a request asking for your personal information, it is probably a phishing attempt. No bank, reputable company, or online store will EVER ask you for your password via email or text, AHS included. If you receive an email or text asking for this, report it, then delete it immediately.
    • Be extremely wary of anyone who asks you to:
      • Provide your S.I.N. and date of birth.
      • Provide your password.
  • Have a heightened sense of urgency. Internet criminals want you to provide your personal information NOW. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
    • Be cautious if the message contains language such as:
      • Your account will be permanently disabled if you do not reply in seven days.
      • If you don’t respond within 24 hours, your account information will be lost.
  • Contain threats of action or deactivation. The phisher will sometimes add some motivation to get users to give up their information. Threatening the individual with losing or deactivating an account causes a little panic and a little push to comply.
    • Be suspicious of any message that suggests:
      • Your account will be deactivated.
      • You will lose certain information or messages.
  • Contain forged links. Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what is showing in the message.
    • For example, hover over this link https://www.ahs.ca and the link displays one site, but if you click it, it will take you to another. DO NOT click on a link if the links don’t match.
  • Contain poor spelling/grammar. Phishing scams are often written quickly, or by someone who may not speak English as their first language. If you receive a message that appears to be from a reputable source that contains spelling errors, be cautious.

Although AHS always takes a proactive approach to prevent phishing scams like these from affecting our systems, we ask that AHS staff and the public be extra vigilant with any suspicious emails or texts.

If you have questions, or are questioning the legitimacy of an email or text you receive, you can contact infocare@ahs.ca.

Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure.