Protect yourself from
cyber threats

Cyber security is more important than ever as criminals find new ways to steal your personal or financial information. As ever, we are committed to providing you with strategies to help stay protected.

What is at risk?

If you receive a text message or an email with a verification code, but you didn’t request it, this could be the work of a hacker trying to gain access to your personal information. Two-step verification is a security measure that prevents unauthorized attempts on your MyShaw account. Visit Shaw Support to learn how you can set up two-step verification.

Why is it important?

Once enabled for your MyShaw account, certain sign-in attempts or account-related changes will trigger a 6-digit verification code sent to you via SMS or email. This code will then grant you access to your account.

Even if someone has your user name and password, they won’t be able to access your account without two-step verification. It’s still important to remain cautious. If they get your account credentials, cybercriminals can send multiple approval requests in a short period of time to irritate the user into giving the attacker access. This is known as MFA Bombing, MFA Fatigue or Push Phishing.

How can you protect yourself?

  • Carefully review any authentication request before accepting and do not accept unexpected requests
  • Always use a strong and unique password that utilize a mix of letters and symbols
  • A MFA Bombing attempt may be accompanied by calls or emails from someone claiming to be from Shaw in order to pressure you into authorizing a two-step verification request
  • If you receive two-step verification requests you have not initiated or several requests in a short period of time, please contact Shaw Support
  • For even more information on Shaw’s MFA implementation, see our Two-Step Verification FAQ

What is at risk?

With so much information about you residing in the cloud, passwords are often the only defense between cybercriminals and your online life.

What are common password attacks?

Dictionary attack

The hacker uses a list of short, common words with number combinations to get through weak and oversimplified passwords.

Brute force

A program is used to generate passwords and random character sets, starting with commonly used, weak passwords like Password123.

Traffic interception

The cybercriminal uses software to monitor network traffic and capture passwords as they’re entered. Similar to tapping a phone line, the software captures your information.

Man in the middle

A program monitors information exchanges and inserts itself in the middle of the interaction by impersonating a website or app. This tactic captures the user’s credentials and other sensitive information.

Key logger attack

A cybercriminal installs malware that tracks the user’s keystrokes. This allows the gathering of credentials for specific accounts and websites.

How can you protect yourself?

  • Use strong and unique passwords that are long and utilize letters and symbols
  • Enable Two-Step Verification across all your sensitive accounts, including your MyShaw account
  • Use a password manager to keep track of your strong, complex passwords
  • Don’t reuse passwords, credentials are often sold after your passwords are hacked

What is at risk?

With the Internet of Things growing in popularity due to the increase in smart home devices, it is essential to keep your router secure. It controls access to your home Wi-Fi network and is the barrier between cybercriminals and all your connected devices.

What attacks are happening?

Inbound attacks

Inbound attacks occur if your home network is breached via the Internet through connected devices such as desktop computers, tablets, smart TVs, and game consoles.

Outbound attacks

Outbound attacks refer to instances when hackers access a home device through the Internet and then use that device to remotely launch malware and obtain sensitive information or attack other networks.

How can you protect your network?

  • Change your router’s default password, which is separate from the Wi-Fi password
  • Regularly change the Wi-Fi password
  • Keep your router’s firmware up to date
  • Update your software regularly to patch vulnerabilities
  • Disable remote access as most users will not need it
  • Disable Universal Plug and Play (UPnP) and set up your TV and consoles properly
  • Be security-aware about which apps, programs and browser extensions you use

What is at risk?

We rely on our devices to stay connected, which makes it critical to take proper measures to protect the personal data we have stored, such as credit card, banking and tax information, medical records, photos and even confidential work information.

Why is it important?

It’s easy for laptops, tablets and smartphones to get lost or stolen. And your personal data can even be stolen when connecting to public networks, which requires further awareness on your part. Without strong passwords and network awareness, it is easy for unauthorized users to access your data.

How can you protect yourself?

  • Always turn user authentication on for your devices and accounts, including enabling Two-Step Verification for your MyShaw account
  • Update your software regularly to patch vulnerabilities
  • Avoid connecting to public Wi-Fi to decrease exposure to malware
  • Use a password manager to keep track of your strong, complex passwords
  • Enable remote lock and data wipe services on your lost or stolen devices

What is Protected Browsing

Available to all customers with a Gateway modem, Protected Browsing is an opt-in service that you can use to help safeguard your home network against malicious content. This feature is available at no additional cost, you can enable it on the Home app or on the website by selecting Protected Browsing in the Network section. Visit Shaw Support to learn about activating Protected Browsing.


When enabled, Protected Browsing can reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network.

A third-party vendor maintains and updates a list of filtered sites to ensure your digital safety. If a device connected to your home network attempts to access a website known to host malicious content, a block page will be displayed. In the case of secure websites (https) or mobile applications, the block page may not be displayed, but access is still prevented.

What is malware?

Malware is malicious software created to cause damage or disrupt your computer system and potentially provide unauthorized access to your computer, server or network. It can be delivered over email via a link or attached file, instant messaging, internet browsing and social media. As new malware is constantly developed and launched, it’s important to be aware of the kinds of malware that may threaten your information. Some of the most common types of malware are viruses, worms, spyware, Trojans and ransomware.

Ransomware is malicious software that infects your computer and makes your data inaccessible. The attacker will demand a ransom in return for access to your data.

How can you protect yourself?

  • Update your software regularly to patch vulnerabilities
  • Don’t open links and attachments from unfamiliar email addresses
  • Watch out for malicious websites that can infect your device
  • Don’t plug unfamiliar storage drives into your device
  • Backup your data regularly
  • Avoid connecting to public WiFi
  • Use antivirus software from a reputable company

What is phishing?

Phishing is when cybercriminals attempt to gain access to your personal information by:

  • Sending you links to websites that appear trustworthy, and then stealing your information when you try to log in
  • Persuading you to reply to an email with personal information
  • Adding a trigger to emails that will download malicious software in order to steal your data, encrypt your files for ransom money, and other malicious practices

What attacks are happening?

Fraudulent messages and phishing attempts often include false messages related to:

  • Declined payments
  • Updating Webmail account details
  • Signing in to your account
  • Updating billing information
  • Activating your Shaw ID
  • Account changes
  • Mailbox security
  • Mailbox reaching capacity

How to identify a phishing scam

Be wary of emails that:

  • Come from an unknown sender and ask you to provide personal information
  • Apply emotional pressure to persuade you into providing personal information
  • Ask you take action on a matter that you don’t recognize and/or don’t expect
  • Use poor spelling and/or poor grammar
  • Appear to come from a reputable business, but the sender’s email address does not match the company's name
  • Display a suspicious URL when you move your mouse over links in the email

You can hover your cursor over links in the email to view the URLs they go to, but be careful to not actually click the links if you don't trust them.

What is at risk?

Fraudulent email messages are typically sent to obtain personal and private financial information. They ask for confidential information, such as your account username, account number, and password. See our article Identifying Fraudulent Emails "Phishing" for more information about identifying fraudulent emails.

How to identify a real email from Shaw

  • Phishing scams often try to gain control over email accounts
  • There are times when Shaw may ask you to fill out a form, such as a DocuSign form, as part of the customer service process. These forms will always be sent to you by a trusted Shaw source, who you should already be familiar with as part of the customer service process
  • If you receive such an email and are not familiar with the sender, contact us to confirm its legitimacy before opening any links or attachments
  • Legitimate emails from Shaw will end in @marketing.shaw.ca, @shaw.sjrb.ca, @sjrb.ca or @shawdirect.ca
  • We would never ask for any sensitive information over email, such as home address, credit card information, login credentials, etc.

What to do if you think your information is at risk

  • Change your username and password
  • Recover/change your MyShaw Account password
  • Contact Shaw to report an incident related to your Shaw account by emailing reportspam@shaw.ca
  • Inform your bank if you feel you have reason to believe your banking information may have been compromised
  • Contact local law enforcement to open an investigation if you have been the victim of a targeted attack

What is at risk?

Nobody likes spam, and in some cases it can lead to scams and phishing attempts to steal login credentials or install ransomware. The quickest way to report spam to Shaw is through Webmail, but you can also forward spam to Shaw from a 3rd party email app.

Report spam using Shaw Webmail

When you use this method to report spam, your email headers will be submitted to Shaw automatically.

  • Go to https://webmail.shaw.ca
  • Log in to Webmail with your username and password
  • Open the spam email, but not the attached files or links
  • Click the Spam button at the top of the window

Report spam using 3rd party email apps

If you would prefer to report spam to Shaw through your 3rd party email app:

  • Forward the spam email to reportspam@shaw.ca
  • Include the spam's email headers into the body of your email

Overview

A scam is circulating, targeting business and residential customers, requesting they make payments using Bitcoin. Shaw does not request or accept payment by Bitcoin.

What is Bitcoin?

Bitcoin and other cryptocurrencies are types of encrypted digital currencies that claim to make purchasing online goods and services more secure. As these cryptocurrencies become increasingly popular, so do the related scams.

How does the scam work?

Fraudsters posing as representatives of reputable organizations are demanding customers to make bitcoin payments to their account and threatening to disconnect services if payments aren't made. Customers will receive a fictitious call-back number that is unrelated to the organization the caller is claiming to be representing. They’ll demand for payments to be made right away using a QR code and are known to provide a physical address to deposit the money using a Bitcoin machine.

How to Protect Yourself

haw does not accept any form of cryptocurrency for payment and will never ask you to pay using this method. We will also never immediately disconnect a customer’s service without notice. If you receive a suspicious call or text of this nature claiming to be from Shaw, contact us directly at 1-800-472-2222 or chat with us live on Shaw.ca.

  • Visit Support for more information about the different Self Serve Payment Options available to Shaw customers
  • Always use a strong and unique password with a mix of letters and symbols
  • If you receive a suspicious call, never give out any personal information and never share your Two-Factor authentication code

Keeping your internet safe

From how to set up parental controls to adding network security to your account, visit Support to learn more about Shaw’s commitment to ensuring the protection of your information and network.

Browser not supported. For a better experience using this site, please update your browser.