How to steer clear of these 5 big scams
In the “bank investigator” scam, victims receive a call from a fraudster—for example, posing as a store employee inquiring about a recent purchase on their credit card—and are often asked to immediately call the number on the back of their card to verify the validity of the initial call (Getty Images/martin-dm)
Money never sleeps—and neither does fraud. In fact, there never seems to be an end to the stream of scams being devised.
As Jeff Thomson, manager of the fraud prevention and intake unit at the Canadian Anti-Fraud Centre, points out, “Fraudsters are always targeting Canada with new scams and old scams. So far in 2019, the CAFC has received more than 20,000 reports involving more than $43 million in losses. Canadians need to continue to be vigilant when receiving calls, emails or text messages from unknown senders.”
Here are some of the latest scams to keep on your watch list.
1) SIN SCAM
In this con, victims get a call from someone pretending to be from Service Canada or another government agency, saying their social insurance number (SIN) has been blocked, compromised or suspended. The call might be one of the latest variations on caller ID spoofing—a scam in which fraudsters disguise the number seen of the ID display in order to trick victims into answering the phone and trusting the caller. Typically, the person on the line will ask for SIN and other personal info, such as date of birth, address and so on. Don’t do it. As the CRTC explains, “Victims who provide their personal information to fraudsters are at risk of identity fraud.”
HOW TO PROTECT YOURSELF
- Don’t trust call display. “It may say ‘Police’ or ‘ABC’, but in reality, it is actually a scammer,” warns Thomson.
- If you get a call from a person saying they represent a company or government agency and asking for personal information, hang up and call the number on your account statement or on the company or government agency’s website to verify.
- Never provide personal information such as your SIN, account numbers, passwords or other identifying information in response to unexpected calls.
- Register your telephone number on the National Do Not Call List.
- Check out the CRTC’s Telemarketing Consumer Alerts to help identify spoofed calls.
- Review the calling options or features available to block or filter unsolicited and illegitimate telemarketing calls.
- If you suspect fraud, you can report it to your local police or the CAFC (1-888-495-8501).
2) EMAIL MONEY TRANSFER FRAUD
Email money transfer is often seen as a quick and secure method for transferring funds—which is probably why more than 371 million e-transfers worth more than $132 billion were made in Canada last year, according to figures from Interac Corp.
Still, the method is not foolproof: according to Thomson, the Canadian Anti-Fraud Centre received 163 reports in 2018 involving bank accounts that were compromised and money e-transferred out.
In one case, a home seller was contacted by email from what appeared to be the home realtor requesting an e-transfer to be held in trust pending a home inspection. But after the e-transfer was accepted, the homeowner contacted the real-estate agent and found out that they had not requested a deposit. In another case, a woman tried to send an email transfer to a friend to reimburse her for travel expenses. When the friend tried to open the email to accept the transfer, she was told the money had already been deposited.
Both of these cases involved email hacking.
HOW TO PROTECT YOURSELF
- Be careful with passwords: As the Interac site points out, “Sometimes the strongest passwords are the ugliest.” Also, as a CBC report suggests, don’t share your password, use one password per website, and periodically search your email address (on sites such as haveIbeenpwned.com). If it has been compromised, change your password.
- Choose security questions that are not easy to guess.
- Use filters to protect from viruses and spyware.
- As Interac suggests, if you receive a deposit or money request notification you weren’t expecting, contact the sender through a different channel to verify.
- Look for strange typos in the text of an email notification. In phishing emails, the “$” sign often appears after the amount.
- If you think an Interac e-Transfer notification is a scam, forward it to [email protected].
- If you accidentally fill out personal information in a link from a phishing scam, change your online banking password and contact your bank immediately.
- Ensure your email provider uses TLS encryption, or switch to a provider that does.
- Use Interac e-Transfer Autodeposit. If you have the service set up, money sent via Interac e-Transfer will be deposited into your bank account automatically, without the need for you to answer a security question. Autodeposit is available through most large Canadian financial institutions and credit unions.
3) WHATSAPP BREACH
Although the popular messaging tool WhatsApp features end-to end encryption, it still fell victim to a recent security breach that involved injecting malware onto victims’ phones. As one report explained, the hackers could implant the malicious code simply by placing a voice call to the victim on WhatsApp—and the victims didn’t even need to pick up for their phone to be infected. The breach was reported to have “signs of coming from a government using surveillance technology developed by a private company, and it may have targeted human rights groups.” The NSO Group, an Israeli cyber company, was said to be behind the attack.
Although the messaging service, which is owned by Facebook, said only a “select number of users were targeted,”, it called on users to upgrade to the latest version of the app after it fixed the vulnerability the attackers had sought to exploit.
HOW TO PROTECT YOURSELF
- If you have not already done so, install the latest version of WhatsApp.
- Always ensure you are running the latest anti-virus software. As Thomson explains, phone and tablets are also computers and should be kept up to date. “Depending on the type of phone you have, anti-virus apps can be installed,” he says.
4) BANK INVESTIGATOR SCAM
This is a type of fraud that has many variations, but several commonalities as well. Victims receive a call from a fraudster—for example, posing as a store employee inquiring about a recent purchase on their credit card—and are often asked to immediately call the number on the back of their card to verify the validity of the initial call. When victims believe they have hung up, the original caller, not having actually disconnected, redirects the victims to impostors.
Recently, a Hilden, N.S. woman reportedly got a call from someone saying he was working with the RCMP and a bank to identify bank employees who were stealing from it. At one point, the victim said she thought the call was a scam, and the fraudster urged her to hang up and dial the number on the back of her debit card. When she did, the suspect answered the phone. He convinced her to send $15,000 in three separate packages via courier to three different addresses in Brampton, Ont., to help with the supposed investigation.
HOW TO PROTECT YOURSELF
- As Thomson points out, calls to landlines from scammers in the “bank investigator” scam tend to happen in the early morning—often when a victim is still sleeping. “Make sure you are alert when dealing with finances,” he says. “Banks or credit card companies will never ask you to send money.”
- As with the SIN scam, do not assume phone numbers appearing on call display are accurate. This call‐spoofing technology is easily available, says Thomson.
- Financial institutions will never ask you to transfer funds to an external account for security.
- Never give remote access to your computer systems to unknown callers.
5) SCAMS TARGETING LAWYERS AND TRUST FUNDS
Lawyers and their clients should be beware of social engineering scams targeting lawyers and often involving trust funds. In such cases, fraudsters pretend to be an existing client or someone genuinely authorized to give instructions on the client’s behalf.
In one case described by the Law Society of BC, a firm redirected more than half a million dollars in sale proceeds that it was holding in trust for a real estate client. The client had originally given its instructions in person to the firm. Before wiring the funds to the client as originally instructed, the firm received an email, purportedly from the client but in fact from the fraudster, directing the funds to be wired to a different account, which turned out to be the fraudster’s account. In this case, the email address used by the fraudster was identical to that used by the client.
HOW TO PROTECT YOURSELF
- As with the email money transfer scam, any client’s or lawyer’s email account can get hacked. So if you are a lawyer who is about to pay out trust funds and your client’s payment instructions change, make sure the change is legitimate by making direct, in-person contact with your client and following tips such as those offered by the Law Society of BC.
- Establish due diligence protocols for transferring funds and ensure all staff receive training and adhere to them. Insurance is available on the commercial market to respond to social engineering frauds so talk to your broker.
- Be on high alert for scams during vacation. Arrange for a competent lawyer to supervise your practice and provide your contact information to the lawyer and your staff.
DID YOU KNOW?
Fear of identity theft and fraud are big concerns for Canadians, according to CPA Canada’s 2019 fraud survey. You can also delve further into how to safeguard yourself with tips from Protecting you and your money: A guide to avoiding identity theft and fraud.