Your company is participating in a Cyber Security Education Program.


This Undelivered Package Phishing Attack included the following social engineering techniques:


  1. Time urgency/constraint (example: 48 hours or package will be returned to sender).
  2. Use of a corporate logo/images (example: Canada Post footer and content)
  3. Spoofed domain to appear it comes official domain (example: canadapost.lang-fr-en.ca).


How to spot this was a phishing email:


  1. Was this an email you expected to receive? No - Be cautious
  2. Are you expecting a package associated with this (work) email?
  3. The sender named email address was not coming from Canada Post (example: undelivered@lang-fr-en.com).
  4. The primary domain was not correct for greeting card company (example: official domain canadapost-postescanada.ca).
  5. The link didn't work (example: it used news:// format to bypass detection) and required you to copy and paste.
  6. This email was/may have been filtered and in your junk mail folder.


“An employee is either an asset to your cyber security or a risk.”