“Your account has been compromised. We need you to confirm your personal information immediately!”

What would you do if you received an e-mail that looked like it was from your favourite retailer or your financial institution and it asked you to confirm your account and personal information? There’s a new kind of scam out there targeting Canadians and it’s important to learn how to recognize it and protect yourself.

E-mail fraud, sometimes called “phishing,” uses fraudulent e-mail messages and websites that look like they are from a legitimate organization, such as a bank, credit card provider, retailer or government agency. Criminals send these e-mails to “phish” for victims by tricking you into revealing personal information. Don’t be lured in. You wouldn’t give out your social insurance, banking password or credit card number if someone asked you on the street, on the phone or at your door, so it’s a good idea to use the same healthy skepticism online.

So how can you spot a scam? There are three important things to look for to help distinguish an e-mail from a legitimate company from a phishing e-mail:

• No personalization. E-mails from legitimate companies are usually personalized, such as “Dear Mr. Smith” or “Dear Jane”. Criminals send phishing e-mails to thousands of people randomly. They don’t know who they are and they can’t personalize them. Be wary of e-mails that say “Dear Client” or “Dear Valued Customer”.
• It sounds alarming. Phishing e-mails will have a sense of urgency, such as “you must reconfirm your information or your account will be closed in 24 hours.”
• It asks for personal information. No legitimate company would contact you by e-mail to ask you to reconfirm any of your personal information for security purposes or any other reason. They already have it.

If you have any doubts about the validity of any promotions or information requests you receive by e-mail, you may wish to call the organization to verify the legitimacy of the request. Be sure to use a phone number that you know is correct, not the number that appears in the e-mail.

A bank would never ask its customers for personal information like account numbers, passwords or PINs through an e-mail. If you receive such an e-mail, don’t respond to it. Instead, report it to the company being impersonated. Most banks have information about phishing on their websites, and you can link to them through the e-mail fraud section on the CBA’s website. You can also report a phishing attempt to PhoneBusters at 1-888-495-8501 or www.recol.ca.

To find out more about phishing and financial fraud, or to download the CBA’s free booklet, Safeguarding Your Money, visit the Fraud and Security section of the Canadian Bankers Association website. Our free consumer booklets are also available by calling 1-800-263-0231.

Canada's banks take the issue of privacy, security and fraud prevention very seriously. They work hard to prevent their operations and customers from being used for any kind of financial crime and to raise awareness, through efforts such as the Fraud Prevention Forum about the ways that customers can protect themselves.

As a consumer, you also have an important role to play in preventing fraud. This month, we’ll take a look at protecting yourself from e-mail fraud.