Fraud Prevention Month 2022

Many fraudsters use impersonation tactics to pose as a trusted source to steal money or personal information. This is why the Fraud Prevention Month will focus on impersonation scams. Learn more about some of the top scams and fraud of 2021 to protect yourself.

On this page

• Crypto investment scams
• Extortion
• Emergency/grandparent scams
• Phishing
• Spear phishing

Crypto investment scams

Fraudsters are posing as friends, family and others to offer fake investment opportunities to steal money. The investment opportunities offer higher than normal or true monetary returns which often result in investors losing most or all of their money.

Investment scams were the highest reported scams based on dollar loss in 2021. Most of the investment scam reports involve Canadians investing in cryptocurrency after seeing a deceptive advertisement. It often involves victims downloading a trading platform and transferring cryptocurrency into their trading account. In most cases, victims are not able to withdraw their funds.

Variations

Note: Fraudsters impersonate trusted people to make their investment opportunities seem credible and to get more money from the victims.

• A romance scam turns into an "investment opportunity"
• Fraudsters compromise social media accounts and target the friends to pitch "investment opportunities"
• Phone calls soliciting "investment opportunities" and often asking for remote access to the victim's computer
• Fraudulent Initial Coin Offering (ICO) investment opportunities
• Emails offering a crypto investment opportunity
• Social media advertisements for investment opportunities

How to protect yourself

• Always research the team behind the investment opportunity
• Analyze the feasibility of the project
• Verify the business's reputation
• Be careful when sending cryptocurrency – transactions often can't be reversed
• Verify if the investment companies are registered with your provincial securities agency or the National Registration Search Tool
• If you get a suspicious message from a friend, reach out to them through a different means of communication to confirm that it is them
• Do not send your crypto investments on legitimate exchanges to other crypto addresses

Learn more about investment scams.

Extortion

In these scams, consumers and businesses can be contacted via phone, email and/or text message by fraudsters posing as:

• Police officers
• Government agents
• Bank employees
• Hydro company officials
• And more!

Variations

• Fraudsters may tell you that your Social Insurance Number (SIN) is compromised or linked to criminal activity and will ask for your personal information such as SIN, DOB, name, address and account balances.
• Fraudsters may call claiming to be Canada Border Services Agency (CBSA). They try to make you believe that a package addressed to you was intercepted by Canada Post containing illegal substances. After asking you to dial 1 on the automated phone call, the fraudsters will ask for personal information and will request that you withdraw money and deposit it into a "safe account".

How to protect yourself

• No government agency will contact you and tell you that your SIN is blocked.
• Never provide personal information over the phone to an unknown caller.
• Do not assume that phone numbers appearing on call display are accurate.
  • Fraudsters manipulate caller ID to display phone numbers starting with your area code.
  • This is called "Call-Spoofing" and this technology is easily available.
  • Be wary of automated calls asking you to dial 1 to speak with an officer.

Learn more about extortion.

Emergency/grandparent scams

Suspects contact seniors or family members claiming that their grandchild or family member was:

• in an accident
• charged with an offence, such as a DUI and drug offences
• is ill with COVID-19

Suspects will claim that they are law enforcement officials, lawyers and even impersonate the grandchild/family member. They will proceed to advise the victim that a payment for supposed bail or fine is required immediately in order for the family member to avoid going to jail. If the victim agrees to pay the requested amount, suspects will arrange to pick up the funds in person or will ask the victim to send cash in the mail.

How to protect yourself

• If you receive a suspicious phone call claiming to be from a family member in an emergency situation, hang up the phone and contact them directly.
• If the caller claims to be a law enforcement official, hang up and call your police directly.
• Listen to that inner voice that is screaming at you: "This doesn't sound right".
• Be careful what you post online.
  • Scammers can use details shared on social media platforms and dating sites for targeting purposes.
  • Suspects can easily gather names and details about your loved ones.
• Be suspicious of telephone calls that require you to immediately take action and request bail money for a family member in distress.
• Be careful with caller ID numbers that look familiar.
  • Scammers use technology to disguise the actual number they are calling from (spoof) and make it appear as a trusted phone number.

Learn more about emergency / grandparent scams.

Phishing

Phishing is one of the easiest ways for fraudsters to steal log in credentials, personal information or even infiltrate corporate networks.

Fraudsters will use mass email campaigns to send messages that appear to be from recognized institutions, companies or government agencies. These emails may:

• Claim that you need to update your account or that money is ready to be deposited.
• Contain malicious links or attachments.
• Appear to be a receipt from a purchase, delivery notification or a fraudulent notice to appear in court.

If the link or attachment is clicked, your computer will be infected with malware.

Financial institutions are often impersonated by fraudsters in an attempt to make their frauds sound more convincing. The CAFC encourages consumers to reach out to their financial institutions directly if they have concerns about their accounts.

How to protect yourself

• Beware of unsolicited text messages and emails from individuals or organizations asking you to click on a link or open an attachment; do not click on links or attachments; they can contain viruses.
• Be wary of spelling mistakes in e-mails or text messages.
• Verify the hyperlink by hovering your curser over the link or button.
• Set-up multifactor authentication for all online accounts.
• The Government of Canada will never send funds by email or text message.

Learn more about phishing.

Spear phishing

Spear phishing fraud is one of the most prevalent frauds targeting businesses and organizations. Fraudsters take their time to collect information on their intended targets, so they can send convincing emails from a seemingly trusted source. Fraudsters will infiltrate or spoof a business or individual email account. They create a rule to send copies of incoming emails to one of their own accounts. They comb through these emails to:

• study the sender's use of language.
• look for patterns linked to important contacts, payments, and dates.

Fraudsters launch their attack when the owner of the email account can't be easily contacted by email or by phone. It may look like a top executive sending an email to their Accounts Payable department requesting an urgent payment to close a private deal. If the fraudsters haven't infiltrated the executive's email account, they may set up a domain similar to the company's and use the executive's name on the account. The contact information they need is often found on the company's website or through social media.

Variations of spear phishing attacks include:

• A business receives a duplicate invoice with updated payment details supposedly from an existing supplier or contractor.
• An accountant or financial planner receives a large withdrawal request that looks like it's coming from their client's email.
• Payroll receives an email claiming to be from an employee looking to update their bank account information.
• Members of a church, synagogue, temple, or mosque receive a donation request by email claiming to be from their religious leader.
• An email that seems to come from a trusted source asks you to download an attachment, but the attachment is a malware that infiltrates an entire network or infrastructure.
• An email that seems to come from trusted source asks you to buy gift cards.

How to protect yourself

• Remain current on frauds targeting business and educate all employees.
• Include fraud training as part of new employee onboarding.
• Put in place detailed payment procedures.
  • Encourage a verification step for unusual requests.
• Establish fraud identifying, managing and reporting procedures.
• Avoid opening unsolicited emails or clicking on suspicious links or attachments.
• Take a few seconds to hover over an email address or link and confirm that they are correct.
• Restrict the amount of information shared publicly and show caution with regards to social media.
• Routinely update computer and network software.
• Consider getting your business certified with CyberSecure Canada.

Learn more about spear phishing.

Date modified:

2022-03-01