Skip to Main Content
Return to Navigation

Cyber security

Stay aware and secure online

We rely on connectivity more than ever before and the importance of cyber security has never been greater. We are committed to keeping you informed about cyber-threats and the strategies you can use to protect yourself.

What is at risk?

Nobody likes spam, and in some cases it can lead to scams and phishing attempts to steal login credentials or install ransomware. The quickest way to report spam to Shaw is through Webmail, but you can also forward spam to Shaw from a 3rd party email app.

Report spam using Shaw Webmail

When you use this method to report spam, your email headers will be submitted to Shaw automatically.

  • Go to https://webmail.shaw.ca
  • Log in to Webmail with your username and password
  • Open the spam email, but not the attached files or links
  • Click the Spam button at the top of the window

Report spam using 3rd party email apps

If you would prefer to report spam to Shaw through your 3rd party email app:

  • Forward the spam email to reportspam@shaw.ca
  • Include the spam's email headers into the body of your email

What is at risk?

Fraudulent email messages are typically sent to obtain personal and private financial information. They ask for confidential information, such as your account username, account number, and password. See our article Identifying Fraudulent Emails "Phishing" for more information about identifying fraudulent emails.

How to identify a real email from Shaw

  • Phishing scams often try to gain control over email accounts
  • There are times when Shaw may ask you to fill out a form, such as a DocuSign form, as part of the customer service process. These forms will always be sent to you by a trusted Shaw source, who you should already be familiar with as part of the customer service process
  • If you receive such an email and are not familiar with the sender, contact us to confirm its legitimacy before opening any links or attachments
  • Legitimate emails from Shaw will end in @shaw.ca, @marketing.shaw.ca, @shaw.sjrb.ca, @sjrb.ca or @shawdirect.ca
  • We would never ask for any sensitive information over email, such as home address, credit card information, login credentials, etc.

What to do if you think your information is at risk

  • Change your username and password
  • Recover/change your My Account password
  • Contact Shaw to report an incident related to your Shaw account by emailing reportspam@shaw.ca
  • Inform your bank if you feel you have reason to believe your banking information may have been compromised
  • Contact local law enforcement to open an investigation if you have been the victim of a targeted attack

What is phishing?

Phishing is when cybercriminals attempt to gain access to your personal information by:

  • Sending you links to websites that appear trustworthy, and then stealing your information when you try to log in
  • Persuading you to reply to an email with personal information
  • Adding a trigger to emails that will download malicious software in order to steal your data, encrypt your files for ransom money, and other malicious practices

What attacks are happening?

Fraudulent messages and phishing attempts often include false messages related to:

  • Declined payments
  • Updating Webmail account details
  • Signing in to your account
  • Updating billing information
  • Activating your Shaw ID
  • Account changes
  • Mailbox security
  • Mailbox reaching capacity

How to identify a phishing scam

Be wary of emails that:

  • Come from an unknown sender and ask you to provide personal information
  • Apply emotional pressure to persuade you into providing personal information
  • Ask you take action on a matter that you don’t recognize and/or don’t expect
  • Use poor spelling and/or poor grammar
  • Appear to come from a reputable business, but the sender’s email address does not match the company's name
  • Display a suspicious URL when you move your mouse over links in the email

You can hover your cursor over links in the email to view the URLs they go to, but be careful to not actually click the links if you don't trust them.

What is malware?

Malware is malicious software created to cause damage or disrupt your computer system and potentially provide unauthorized access to your computer, server or network. It can be delivered over email via a link or attached file, instant messaging, internet browsing and social media. Some of the most common types of malware are viruses, worms, spyware, Trojans and ransomware.

What attacks are happening?

Security researchers have discovered a new COVID-19-themed malware. For example, there are COVID-19 tracking maps that imitate legitimate sites but actually rewrite computer operating systems and then post a message that the machine has been infected with ransomware.

How can you protect yourself?

  • Update your software regularly to patch vulnerabilities
  • Don’t open links and attachments from unfamiliar email addresses
  • Watch out for malicious websites that can infect your device
  • Don’t plug unfamiliar storage drives into your device

What is ransomware?

Ransomware is malicious software that infects your computer and makes your data inaccessible. The attacker will demand a ransom in return for access to your data.

What attacks are happening?

Ransomware criminals stepped up their attacks amid the COVID-19 pandemic. They have targeted the networks of aid organizations, medical billing companies, manufacturing, transport and government institutions, and educational software providers. New ransomware is constantly developed and launched.

How can you protect yourself?

  • Backup your data regularly
  • Don’t open links and attachments from unfamiliar email addresses
  • Use antivirus software from a reputable company
  • Update your software regularly to patch vulnerabilities
  • Avoid connecting to public Wi-Fi

What is at risk?

We rely on our devices to stay connected, which makes it critical to take proper measures to protect the personal data we have stored, such as credit card, banking and tax information, medical records, photos and even confidential work information.

Why is it important?

It’s easy for laptops, tablets and smartphones to get lost or stolen. And your personal data can even be stolen when connecting to public networks, which requires further awareness on your part. Without strong passwords and network awareness, it is easy for unauthorized users to access your data.

How can you protect yourself?

  • Always turn user authentication on for your devices
  • Update your software regularly to patch vulnerabilities
  • Avoid connecting to public Wi-Fi to decrease exposure to malware
  • Use a password manager to keep track of your strong, complex passwords
  • Enable remote lock and data wipe services on your lost or stolen devices

What is at risk?

With so much information about you residing in the cloud, passwords are often the only defense between cybercriminals and your online life.

What are common password attacks?

Dictionary attack

The hacker uses a list of short, common words with number combinations to get through weak and oversimplified passwords.

Brute force

A program is used to generate passwords and random character sets, starting with commonly used, weak passwords like Password123.

Traffic interception

The cybercriminal uses software to monitor network traffic and capture passwords as they’re entered. Similar to tapping a phone line, the software captures your information.

Man in the middle

A program monitors information exchanges and inserts itself in the middle of the interaction by impersonating a website or app. This tactic captures the user’s credentials and other sensitive information.

Key logger attack

A cybercriminal installs malware that tracks the user’s keystrokes. This allows the gathering of credentials for specific accounts and websites.

How can you protect yourself?

  • Use strong and unique passwords that are long and utilize letters and symbols
  • Enable Multi Factor Authentication (MFA) across all your sensitive accounts
  • Use a password manager to keep track of your strong, complex passwords
  • Don’t reuse passwords, credentials are often sold after your passwords are hacked

What is at risk?

With the Internet of Things growing in popularity due to the increase in smart home devices, it is essential to keep your router secure. It controls access to your home Wi-Fi network and is the barrier between cybercriminals and all your connected devices.

What attacks are happening?

Inbound attacks

Inbound attacks occur if your home network is breached via the Internet through connected devices such as desktop computers, tablets, smart TVs, and game consoles.

Outbound attacks

Outbound attacks refer to instances when hackers access a home device through the Internet and then use that device to remotely launch malware and obtain sensitive information or attack other networks.

How can you protect your network?

  • Change your router’s default password, which is separate from the Wi-Fi password
  • Regularly change the Wi-Fi password
  • Keep your router’s firmware up to date
  • Update your software regularly to patch vulnerabilities
  • Disable remote access as most users will not need it
  • Disable Universal Plug and Play (UPnP) and set up your TV and consoles properly
  • Be security-aware about which apps, programs and browser extensions you use

What is at risk?

There has been a surge of video conferencing platforms and technologies. With this, the number of criminals trying to take advantage of new and untrained users also increases.

How can you protect yourself?

  • Do not share meeting links and send them directly to the attendees only
  • Attend only those meetings you’ve registered for and are expecting
  • Exercise caution regarding unexpected files or links shared during the meeting
  • Don’t use your personal meeting room for public meetings
  • Only allow registered users to join
  • Enable the waiting room feature to control who gains access
  • Lock the meeting when all attendees have joined
  • Set up a unique meeting ID and password
  • Update your software regularly to patch vulnerabilities

What is at risk?

The aim of many cybercrimes is to steal one’s personal identity or financial resources and information.

How can you protect yourself?

  • Use strong and unique passwords that are long and utilize letters and symbols
  • Use antivirus software from a reputable company
  • Only download software from trusted sources
  • Avoid connecting to public Wi-Fi
  • Be wary of information requests for personal information and stay updated about online scams

What is Protected Browsing

Available to all customers with the BlueCurve Gateway XB6 modem, Protected Browsing is an opt-in service that you can use to help safeguard your home network against malicious content. In order to use the feature - which we offer at no additional cost - you must enable it using the BlueCurve Home app or website by going to the Network section and selecting Protected Browsing. You can turn it off at any time.

How can you protect yourself?

When enabled, Protected Browsing can reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network.


The feature is powered by Zvelo, a leading provider of filtering technology that is used by many organizations including Internet and security providers. Zvelo maintains and updates the list of filtered sites. If a device connected to your home network attempts to access a website known to host malicious content, a block page will be displayed. In the case of secure websites (https) or mobile applications, the block page may not be displayed, but access is still prevented.

Recent Phishing Attempts

Fraudulent email messages are typically sent to obtain personal and private financial information. They ask for confidential information, such as your account username, account number, and email password. In order to keep your identity safe, it is important to know what to look for.

Browser not supported. For a better experience using this site, please update your browser.