There have been a number of phishing schemes active recently that you should be aware of.
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
How to Spot a Phishing Scam
The Organization
Someone who is phishing will try to present themselves as an agent for a bank, Revenue Canada, Service Canada or some other governmental institution. Most often they will contact you by phone, but you may receive communication by text message or email.
The Bait
The message you will receive will be a pretext for something that is important to you and that you would normally act. upon. Your bank account is overdrawn, your credit card has suspicious charges, you have outstanding income taxes or Service Canada is after you for overpayment of employment insurance. There is a good chance you have received phone calls based on one of these.
Sometimes, the scammer will have your full name, mailing address and phone in addition to your phone number and may try to confirm one of more of these to make them sound legitimate.
The Hook
Let’s say you pick up the phone and receive a call suggesting your bank is contacting you because there are suspicious charges on your credit card.
Most likely the call will be a robo-call: i.e., the calls are placed by a computer that leaves a prerecorded message. A phishing call will give you a callback number and/or ask you to press “1” (or some other number) to be connected to a live agent.
If you actually end up speaking with a person, the clue that it is a phishing scam is that they will ask you to verify something to “prove you are who you say you are”. That information could be a social insurance number, a credit card number with expiry date and CSC number or a bank account number. This is what they rare really trying to get.
What are the Consequences?
If it’s credit card information they’re seeking, it could trigger a series of purchases made under your name.
If the information the scammer is requesting is a social insurance number, it could result potentially in identity theft. A social insurance number allows someone to get a drivers license, a health card or some other type of document that could allow someone to do illegal things in your name.
Someone could take out a mortgage on your house without your knowledge. You might only become aware of this when you try to sell your home.
How to Not Be a Victim
If you receive a phone call that sounds like a pre-recorded message, simply hang up. If the call really came from Revenue Canada or Service Canada, you would receive a letter from them if they had an issue. This is usually their first way to contact you and you would receive a phone call only if you failed to respond to their letter.
If you listen to a message and it sounds suspicious when the message says something like, “To speak with an agent, please press 1”, do not press the number. Hang Up.
If you get a text message that seems suspicious, do not reply. Delete it. Banks, credit card companies, and government agencies do not generally send text messages to communicate with citizens or customers.
If you get a suspicious email, do not reply. Delete it. And, once you’ve deleted it, empty your trash bin on your computer to ensure it is gone for good. An easy way to determine if an email is legitimate is to check the URL portion (e.g., @XYZcompany.com) of the email address to see if it is the same as the URL of the agency or company the email suggests it is from. If it’s not the same, it’s probably fraudulent.
The hardest tactic to counter is when a person calls you and wants to discuss an issue with you. As we noted above, they can seem very convincing when they have your name, address and phone number. They may event give you an employee ID number to sound legitimate.
When they ask for some kind of personal information from you, ask THEM some questions to confirm they are who they say they are and that they are indeed legitimate employees of an organization you deal with.
For calls about credit card charges, ask what the last balance was on your card and when and how much of the balance you paid. Only someone who works for the organization will know this and they should be able to answer that almost immediately. If they are slow to respond or sound hesitant, just hang up.
If the caller says they’re from a government agency, ask them what the amount was that was payable on your last income tax return and when you paid it. Similarly, with Service Canada, when did you last receive an EI payment and how much was it. If they can’t answer, hang up.
If you feel hanging up is being overly rude, you can simply say you don’t give personal details over the phone. A legitimate representative will understand why you are saying that and not take offence.
How to Not Become a Target
Guard your personal information as much as you possibly can. Never give this out unless you are 100% confident that the person you are giving it to is a legitimate employee or agent.
Phishers get some of their information about you by hacking corporate or government websites where you might be registered as a user. It’s not the easiest way, but develop a habit of changing your passwords regularly – every 6 months or so. You also can make your passwords harder to decipher if they are longer and contain a mix of character types: upper and lower case letters, numbers and special characters.
Set up your email system to identify potential spam or phishing emails and separate them from your inbox. You can set up rules for your email service to follow to know what to look for. Sometimes there will be a folder called Spam or Junk and your email system can learn how to differentiate between legitimate email and fraudulent email. You can teach it to do so.
Sometimes email phishing could trigger installing malware on your computer that can send personal information back to the scammer in the background. Run regular scans for viruses or malware. To make it simple, you can set up these systems to perform scans at preset times. Windows 10, for example, has a very powerful anti-virus and anti-malware application called Windows Defender. It’s free.
The Toronto Police Service also has tips and resources to help you prevent fraud. Click here to visit their page on Financial Crimes.