The word phishing comes from the analogy that Internet scammers are using email lures to 'fish' for passwords and financial data from the sea of Internet users.

Phishing, also called "brand spoofing"; is the creation of email messages and Web pages that are replicas of existing, legitimate sites and businesses. These Web sites and emails are used to trick users into submitting personal, financial, or password data. These emails often ask for information such as credit card numbers, bank account information, social insurance numbers, and passwords that will be used to commit fraud.

The goal of criminals using brand spoofing is to lead consumers to believe that a request for information is coming from a legitimate company. In reality it is a malicious attempt to collect customer information for the purpose of committing fraud.

Warning sign(s) - How to protect yourself

  • Do not reply to any email that requests your personal information.
  • Look for misspelled words.
  • Contact the financial institution immediately and report your suspicions.


Traffic Infringement Scams

Canadians receive email notices that appear to come from government authorities such as police. The notices claim that the recipient has been issued a traffic infringement or violation. The email includes the reason for the infringement, usually negligent driving, an infringement number, date of issue and the amount due. The email states that the fine must be paid immediately and either directs them to click on a link to make the payment or to click on an attachment. Those who click on the link are then asked to enter personal information. The email variation with the attachment, claims it is photographic proof of the infringement. The attachment is usually a .zip file that once opened can infect your computer or device with a virus.

Fraudsters use the name of legitimate police services and businesses as a way to get personal information from unsuspecting consumers. Government bodies and police services do not issue traffic notices via email, nor do they request email addresses during a traffic stop.

Warning sign(s) - How to protect yourself

  • Beware of unsolicited emails from individuals or organizations prompting you to click on an attachment or link.
  • Watch for spelling and formatting errors.
  • Check the embedded hyperlink in the suspicious email by hovering your mouse over the link to verify the address.
  • Go with your gut. If an email seems fishy, it probably is.

Alert: RCMP email fraud Notice to Appear In Court - Royal Canadian Mounted Police - Division of Court Services

The CAFC is warning individuals about a new phishing scam using the name, logo and website header of the Royal Canadian Mounted Police (RCMP).

Traditional phishing emails are designed to trick the victim into thinking they are dealing with their own financial institution. Scammers are now using the same tactics to capture personal information by using the name of legitimate organizations, like the RCMP, the Better Business Bureau and courier services like FedEx.

Recently, the CAFC received a report where a business received an email with the subject line: "Notice to Appear In Court - Royal Canadian Mounted Police - Division of Court Services". The email contains an attachment that may contain a virus, malware and/or spyware. Alternatively there may be an embedded hyperlink that contains malicious software.

Wire frauds (two types)

Canadian businesses are being targeted by two types of wire fraud: the Business Executive Scam and the Financial Industry Wire Frauds.

In the Business Executive Scam, also known as the Business Email Compromise, the potential victim receives an email that looks like it came from an executive in their company who has the authority to request wire transfers. In some cases, the fraudsters create email addresses that mimic that of the CEO or CFO. In other cases, the fraudsters have compromised and used the email account belonging to the CEO or CFO. An employee authorized to make wire transfers will receive the fraud email message. Often it will state that the "executive" is working off-site and has identified an outstanding payment that needs to be paid as soon as possible. The "executive" instructs the payment to be made and provides a name and a bank account where the funds, generally a large dollar amount, are to be sent. Losses are typically in the excess of $100,000.00.

In Financial Industry Wire Frauds, Canadian financial institutions and investment brokers receive fraudulent email requests from someone they believe to be an existing client. Unbeknownst to them, their client's email account has been compromised. The fraudster requests that the financial institution or investment broker transfer money from "their" bank account usually to a foreign bank account.

Warning sign(s) - How to protect yourself

  • Beware of unsolicited emails from individuals or financial institutions presenting an urgent situation requiring immediate attention.
  • Prior to sending any funds or product, make contact with existing clients in person or by telephone to confirm that the request is legitimate.
  • Watch for spelling and formatting errors and be wary of clicking on any attachments, they can contain viruses and spyware.

Phone number spoofing

I received a call and my call display indicated a phone number 123-456-7890 or 777-777-7778 (or any other strange combination of numbers).

This is a phone number that has been programmed into the system so your call display indicates a different number than the originators. Although this does not mean the offer you are receiving is illegal, you should certainly have a "red flag" approach to any offer.

Why would a legitimate company try to obscure their identity?

Automated dialers

The phone is ringing but no one is there when I answer.

Your phone may have a technical problem but you may also be receiving calls from an automatic dialer that logs the time the phone is answered. A telemarketer uses the information to indicate when a person will be at your number to answer the phone.

For more information on Automatic Dialers you can research the CRTC web site.

Unsolicited service calls - general services

Any false, deceptive or misleading promotion of services or solicitation for services. These scams typically involve third parties that make offers for telecommunications, internet, finance, medical and energy services. This category of scams may also include, but is not limited to, offers such as extended warranties, insurance and sales services.

If you have received an unsolicited telephone offers or a card in the mail you should use the "buyer beware" philosophy. Educate your choices.

Warning sign(s) - How to protect yourself

  • Credit card charges from foreign banks appearing on your statement ranging from $35.00 to $469.00.
  • Do you already have an existing warranty?
  • Have you checked with your car dealership?
  • How is the offer worded - does it make sense? Is it realistic?
  • Research on the internet.

Unsolicited computer repair services

Generally, this scheme involves company representatives calling individuals and stating, for example, that it is Microsoft calling and that their computer is running slow or has viruses. They offer to repair the computer over the internet, which can involve the installation of software or the customers allowing the representatives remote access to their computer.

Recent variation being reported to the CAFC have involved the suspects identifying themselves as the Canadian Cyber Incident Response Centre and have taken a more aggressive approach with individuals by stating their computer is being used by hackers and that they will be held responsible if they do not allow the suspect to repair their computer.

Allowing a third party to download software or remotely access a computer carries inherent risks. Keyloggers or other malicious software could be installed to capture sensitive data such as online banking user names and passwords, bank account information, identity information, etc.

Warning sign(s) - How to protect yourself

  • Unsolicited call representing computer repair-company (e.g. Microsoft) or indicating that it is the Canadian Cyber Incident response Centre.
  • Caller requesting remote access to your computer or for you to view your event viewer.
  • Urgent solicitation indicating there is a threat to your computer.
  • Protect your computer with anti-virus software, spyware filters, email filters and firewall programs.

Unsolicited vacation offers

Research the company with the Better Business Bureau and other sources from the internet.

If you have not requested information then "buyer beware" should be your thought process. Don't fall for a high pressure sales tactic, if it's a deal, it will be available again. If it is a prize you need not pay for it.

If your vacation call asks you to press a number like "9" or "5" it does not allow them to take over your residential line.

Warning sign(s) - How to protect yourself

  • Some of the solicitations are valid, some are not.
  • Some offers are subject to you entering into a Timeshare agreement.
  • Some offer a high end vacation but reserve the right to change this location subject to availability

Unsolicited travel offers

By simply filling out a ballot to win a vacation at a home, boat or auto show, you may be set up for "suckers lists". Shortly after filling out this ballot, you may be contacted over the phone by someone claiming to offer you a "free" or "low cost" vacation. They will ask for your credit card number and personal information in order to hold the vacation for you, or they may request money in advance.

Don't give out your credit card information over the phone. If you want to check out the value of these promises, seek out the advice of a legitimate travel agency in your area. If you have provided credit card information to the telemarketers, be aware that most companies have policies that allow you to cancel your reservation within 30 days. Do not let anyone pressure you into committing to any agreement over the phone.

Helpful Link(s)

Always report phishing or 'spoofed' emails. If you've received one of these suspicious emails, report it to the CAFC or the financial institution that it appears to be from.

Were you a victim?

Canadian Anti-Fraud Centre
Toll-free: 1-888-495-8501

Competition Bureau of Canada
Toll-free: 1-800-348-5358

Ontario Provincial Police
Toll-free: 1-888-310-1122

Financial Consumer Agency of Canada
Toll-free: 1-866-461-3222

Better Business Bureau
(BBB Locator Tool)

Fraud: Recognize, report and stop it!

Date modified: