photo: Hailshadow/iStock

The 3 Most Common Phishing Scams

By AMA Staff

Online fraud is an increasing problem in Canada—and the rest of the “connected” world. Though most internet users are now suitably wary of downloading viruses and opening emails from obviously fake sources, criminals have also been fine-tuning their practices in the hope of catching us unawares. One such nefarious method is the phishing scam, whereby you receive an email that appears to be from a reputable company or even from a known contact, which asks you to click a link or send information—in order to update your bank account or Netflix subscription, for example.

Here are three of the most common phishing scams affecting Albertans, and what you should do if you’re targeted. 

In this scam, you receive an email telling you that Canada Post tried to deliver a package to you. You’re asked to click on a link or visit a post office to arrange for the delivery. This instruction reveals the fraudulent nature of the email. Canada Post will always live a delivery-notice card on your door or in your mailbox if you aren’t home when they attempt a delivery.

What to do:

• Don’t click on any of the links in the email.
• Check the sender’s email address—you may notice that it doesn’t originate from an official Canada Post account.
• Delete the email (unless you’ve requested email notification from Canada Post).
• Remember that Canada Post will never send an unsolicited email asking you for personal information.

There are a couple of variations on CRA email scams. In one, you’re sent a message telling you that you have a pending tax refund. The email includes a link that directs you to a website that mimics the CRA’s actual site, where you’re urged to enter your information (Social Insurance Number, date of birth, banking information) in order to facilitate a money transfer—which, of course, never comes.

How to spot a phishing email

A second CRA scam tries an opposite tactic: An email is sent informing you that you must pay outstanding taxes, and failure to do so will result in your bank accounts being frozen or possibly your arrest. Sometimes, to apply more pressure, the fraudsters then contact victims by phone, saying they’re calling from CRA or the police.

What to do:

• Don’t click on any of the links in the email.
• Don’t provide any personal information or send any money.
• Delete the email.
• Confirm your tax situation is as it should be, by logging into your CRA account.
• If you’ve shared personal information, notify your financial institution(s) to place alerts on your account(s).
• Remember that the Canadian Revenue Agency will never ask for your personal information via email or text message.

Beware of emails that appear to be from well-known financial institutions. There is, for example, an ATB phishing scam that targets potential victims with an email that tells them their online account has been temporarily suspended for security reasons. You’re then asked to log in to the fraudster’s “official” website to confirm your information and reactivate your account.

Tips for improving your online passwords’ strength

A similar Bank of Montreal scam features an email stating that your card has not been enrolled in the bank’s new authentication services; it warns that you won’t be able to use your card until you click a link to enroll. When you click the link you’re taken to a site that asks for your bank login details, credit card number, and other personal information that can be used for fraudulent purposes.

What to do:

• Don’t click any of the links in the email.
• Delete the email.
• Report the scam to your financial institution. Most major banks have teams that investigate these types of scams.
• Remember that your bank will never ask you for personal information via email or text message.