"Click here to get your refund"
"Your account is out of date"
"Here’s your invite to our new video calling service!"
Phishing scams – or email fraud are as old as e-mail itself. The scams are all attempts to get you to volunteer your personal information to criminals or to install malware on your computer or mobile device. Criminals attempt to fool you by sending email messages that point to fake websites. The email you receive may look real, with company logos, links and branding, but when you enter your information into the website, that sensitive data is handed right over to criminals.
Is it a scam?
Here are a few ways to spot a phishing scam:
- Is the information request legit? Your bank will never send you an email, or call you on the phone, demanding that you disclose personal information such as your password, credit or debit card number, or your mother’s maiden name.
- Does the email have a sense of urgency? Warnings that your account will be closed or your access limited if you don’t reply is a telltale sign of a phishing scam.
- Does the sender email seem suspicious? Check the "from" address. If you hover your curser over the name, you can see the actual electronic email address. Some phishing attempts use a sender email address that looks legitimate but isn’t – one red flag is when email domain doesn’t match the organization that the sender says they are from.
- Does the email contain a suspicious link or an attachment you weren’t expecting? Phishing emails often include embedded links that look valid, but if you hover over them, you can usually see the real hyperlink. If the hyperlinked address isn’t the same as what appears in the email, it’s probably a phishing attempt. Never open suspicious attachments.
Many organizations can, and have, been the targets of phishing scams, including banks. Check out these examples of some recent email scams:
What banks are doing to protect you from phishing
Banks take extensive steps to protect your personal information entrusted to them and to help you protect it as well. It is important to remember that fraudulent e-mails sent out by criminals may look like they come from banks, but they are not connected with banks at all.
Banks have teams of security experts working behind the scenes to find these fraudulent websites and shut them down as soon as they are detected to prevent any of their customers from becoming victims of fraud.
Consumer education is also one of the best ways to stop phishing and prevent customers from inadvertently disclosing their personal information. Most banks have information available on their websites providing practical tips on how to protect yourself and your money. Check with your bank for tips and information. Click the links below to be connected to the phishing pages on individual bank websites.
How to avoid e-mail fraud
There are some simple steps you can take to avoid becoming the victim of phishing and e-mail fraud:
- Be skeptical. Fraudulent e-mails can look like they come from a real bank e-mail address. If you have any doubts about an e-mail that looks like it is from your bank or a reputable company, contact them before responding to ensure that it is legitimate. But don’t use the toll-free number, e-mail address or website address provided in the e-mail: they may link you to the criminals rather than the bank. Use a phone number, e-mail address or website address that you know is correct.
- Never send personal and/or financial information by e-mail.
- Always enter your bank’s website using the website address (URL) that you know is accurate. Contact your local bank to get the correct website address if you're unsure.
- Regularly review your bank and credit card statements to ensure that all transactions are authorized. Also check your credit report at least once a year by contacting credit reporting agencies Equifax Canada and TransUnion Canada.
- Make sure that your home computer is protected. Install anti-spam, anti-spyware and anti-virus software and make sure they are always up-to-date. You should also install a personal firewall to act as a barrier to viruses and other external attacks and check for operating system patches and upgrades on a regular basis.
If you receive a phishing e-mail, there are two things you should do: report it and delete it. Reporting any fraudulent e-mails you receive to the bank or other company being spoofed, you can help us prevent other people from falling for e-mail fraud. To report a fraudulent email, be sure to send the email as an attachment.
Did you know?
The CBA offers a free fraud prevention seminar for seniors and students as part of its Your Money Seniors and Your Money Students financial literacy seminar programs. Request a fraud prevention seminar today!