Note: On Thursday, January 30, unusual email messages that appear to be from The Presbyterian Church in Canada appeared in many congregational inboxes. These messages were spam. If you received one of these messages, delete it immediately. Do not reply and do not click any links.

Email Phishing

Every year, thousands of Canadians fall victim to fraud, losing millions of dollars. Most don’t think it could happen to them, but fraudsters use sophisticated ways to target people of all ages. The impact of fraud on individuals, families and businesses can be devastating. Retirement savings, homes, businesses and in some cases, lives have all been lost.

Scammers are duping people with increased efficiency; their tactics and methods have evolved and become more and more refined. The best way to protect yourself from becoming a victim is by being aware of popular scams, and how to avoid them.

Email Scam

A phishing scam is the fraudulent practice of sending email purporting to be from a reputable source for the purpose of having you reveal private information. Some of the more common scams include emails that claim to be from Canada Revenue Agency (CRA) or various banking institutions.

Be extra cautious if you’re ever asked to provide sensitive information (e.g., your name, password, account number, Social Insurance Number)—a financial institution or government revenue agency would never ask for this by email.

Equally on the rise is the prepaid gift card scam. This is usually an email purporting to come from someone you know, such as your boss, a person in a position of authority, a co-worker, business associate, friend or family member. It usually starts with something like “Let me know when you are available,” “Can you do me a favour?” or “There is something I need you to do” and asks you to reply. The initial email is often very vague and short on details.

The victim is asked to purchase the gift cards—most commonly Google Play, Amazon, Apple iTunes, Steam Wallet, Home Depot or Walmart cards—then to scratch and send the codes to the fraudster by email.

Best practices

  • Don’t click on reply when verifying the authenticity of a suspicious email that appears to come from someone you know, as the “from” email address might be different from the “reply” email address. Instead, create a new email using the address you already have for that person.
  • If you aren’t sure who sent you the email—or something doesn’t look quite right—don’t open it.
  • Be suspicious of every link in an email. Don’t click on a link in an email unless you were expecting it, even if it is from someone you know.
  • Don’t open an email attachment that you weren’t expecting, or that was sent by someone you don’t know.
  • Always be wary of emails from financial institutions, Internet service providers and other organizations asking you to provide personal information online. If in doubt, call the company directly and ask them to verify the email.
  • Always look for the “padlock” icon and an https:// to be sure you have a safe and secure connection when doing online banking, shopping or sending personal information.
  • Never use automatic login features that save your username and password. Take the time to re-enter your password each time.
  • Clear your browser cache after banking or shopping online to make sure your personal information isn’t stored on your computer.
  • Keep your software up to date. (Operating system, anti-virus, browser, etc.)
  • When browsing the web, you might see something suddenly appear on the page warning you about a problem with your device. It might even look like the alert is coming from your device. It isn’t. These alerts are pop-ups, designed to trick you into calling a phony support number or buying an app that claims to fix the issue. Don’t call the number. Simply navigate away from that page.
  • Before you share personal information, consider carefully what you’re putting out there through email and social networking sites. This could include information like your cell number, address, hometown, workplace, status updates that let people know you’re away, and other revealing details.
  • Don’t use your credit card online unless you know the company you’re dealing with is reputable and the website is secure.
  • Public Wi-Fi networks, like those in coffee shops, libraries or airports, are not secure. Never send personal information through public Wi-Fi.
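
The first tip above notes that the “from” address can differ from the “reply” address. The following Python check is an added example, not part of the original article: it reads a message’s headers and flags a Reply-To that does not match From, and a familiar display name arriving from an address other than the one on file. The sample message, the .example addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample (not a real email): the display name imitates a known
# contact, but a reply would be delivered to a different mailbox.
SAMPLE = """\
From: "Rev. Jane Smith" <jane.smith@church.example>
Reply-To: "Rev. Jane Smith" <jane.smith.office@freemail.example>
To: treasurer@church.example
Subject: Can you do me a favour?

Let me know when you are available.
"""


def domain(addr):
    """Lower-cased part after the last '@', or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_headers(raw, known_contacts=None):
    """Return warnings about From/Reply-To inconsistencies in a raw message.

    known_contacts maps a lower-case display name to the address you
    already have on file for that person (hypothetical address book).
    """
    known_contacts = known_contacts or {}
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    warnings = []

    # A reply goes to Reply-To when present, not to the visible From address.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if reply_addr and reply_addr.lower() != from_addr.lower():
            same_domain = domain(reply_addr) == domain(from_addr)
            kind = "mailbox" if same_domain else "domain"
            warnings.append(
                f"reply-to {kind} differs: {from_addr} -> {reply_addr}")

    # A trusted name paired with an address you have never used for them.
    expected = known_contacts.get(from_name.strip().lower())
    if expected and expected.lower() != from_addr.lower():
        warnings.append(
            f"display name '{from_name}' normally uses {expected}, "
            f"not {from_addr}")
    return warnings
```

A mismatch is not proof of fraud, since mailing lists and help desks set Reply-To legitimately, but it is the signal to stop and contact the person through the address or phone number you already have.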

Phone Scam

Phone fraudsters pose as agents from the bank, revenue agency or the police looking to collect money owed to Canada Revenue Agency and threaten that you will be arrested if you do not pay immediately. In some scams, they act friendly and helpful. In others, they might threaten or try to scare you. The fraudster may give you a false name and ID/badge number before asking you to send money via prepaid gift cards or Bitcoin to a fake government account.

The fraudster may also use a program to display the name and phone number of the revenue agency, bank or local police on your call display.

The caller might claim that:

  • you were “selected” for an offer or that you’ve won a lottery. But if you have to pay to get the prize, it’s not a prize;
  • criminal activities were detected on your bank account and you need to move/transfer your money to a safe account;
  • a lawsuit has been filed against you by the CRA;
  • a warrant of arrest has already been issued under your name;
  • you will be deported if you do not pay the money demanded;
  • other similar threats to get you to share your personal tax information and/or pay money;
  • your tax calculation has been completed, and you will receive a tax refund by going through a link and submitting information;
  • you or your company is being accused of participating in tax evasion schemes;
  • several discrepancies have been found with your filed taxes which need to be revised;
  • you’ve received an e-transfer from the CRA for what appears to be a tax refund;
  • an “investigation” has been started on your CRA claim.

Notes

  • Canada Revenue Agency never leaves voicemail messages threatening arrest.
  • The CRA never sends emails or messages with a link asking for personal or financial info.
  • The CRA never sends out text messages.
  • The CRA will never ask you to click on any link to get a refund or to collect personal or financial information.
  • The CRA will never request a payment by Interac e-transfer, online currency such as bitcoin, prepaid credit cards or prepaid gift cards such as Google Play, Amazon, Apple iTunes, Steam Wallet, Home Depot or Walmart cards, etc.
  • The CRA will never threaten you with immediate arrest, use abusive language or send police.
  • Financial institutions will never ask you to transfer money from one account to another over the phone.

Best practices

  • Hang up immediately if you receive a suspicious phone call or voicemail.
  • You should never leave personal information on an answering machine.
  • If in doubt, call Revenue Canada or your financial institution directly and ask them to verify the phone call.

*Don’t be the victim of a scam. If it sounds too good to be true, it probably is.*

—Information provided by Nkwuda Oke, PCC Computer Systems Manager