Email fraud — or “phishing” or “brand spoofing” as it is also called — are attempts to get you to volunteer your personal information to criminals or to install malware on your computer. Criminals attempt to fool you by using fraudulent email messages and websites that look like they are from a legitimate company, such as a bank, credit card company, online retailer or government agency. The email you receive may look real, with company logos, links and branding, but beware — you may have actually received this spam or mass e-mail from a criminal. The fraudsters will cast a wide net and send the spam email to thousands of people at once, whether or not they are a customer of the organization, to “phish" for personal information.
How to identify a phishing email
So, how do you know if the email you received is fraudulent? Here are a few things you should know:
- Your bank will never send you an email, or call you on the phone, asking you to disclose personal information such as your credit card number, online banking password or your mother’s maiden name. They already have that information.
- Be suspicious of unsolicited e-mails that have a sense of urgency and warnings that your accounts will be closed or your access limited if you don’t reply.
- Does the email look professional? While some fraudulent e-mails may look professional at first glance, if you look more closely you may notice spelling and grammatical errors, unusual language or branding that isn’t quite right.
- Fraudulent e-mails may not be personalized and instead, are addressed in general terms, such as "Dear valued customer."
- If you receive an e-mail notifying you that an e-mail money transfer is being sent from a person you don't know, delete the e-mail as it is likely fraudulent.
Below are examples of recent phishing e-mails.
What banks are doing to protect you from phishing
It is important to remember that fraudulent e-mails sent out by criminals may look like they come from banks, but they are not connected with banks at all. Banks, however, take extensive steps to protect your personal information entrusted to them and to help you protect it as well.
The banks have teams of security experts working behind the scenes to find these fraudulent websites and shut them down as soon as they are detected to prevent any of their customers from becoming victims of fraud.
Consumer education is also one of the best ways to stop phishing and prevent customers from inadvertently disclosing their personal information. Most banks have information available on their websites providing practical tips on how to protect yourself and your money. Click the links below to be connected to the phishing pages on individual bank websites.
How to avoid e-mail fraud
There are some simple steps you can take to avoid becoming the victim of phishing and e-mail fraud:
- Be skeptical. Fraudulent e-mails can look like they come from a real bank e-mail address. If you have any doubts about an e-mail that looks like it is from your bank or a reputable company, contact them before responding to ensure that it is legitimate. But don’t use the toll-free number, e-mail address or website address provided in the e-mail: they may link you to the criminals rather than the bank. Use a phone number, e-mail address or website address that you know is correct.
- Never send personal and/or financial information by e-mail.
- Always enter your bank’s website using the website address (URL) that you know is accurate. Contact your local bank to get the correct website address if you're unsure.
- Regularly review your bank and credit card statements to ensure that all transactions are authorized. Also check your credit report at least once a year by contacting credit reporting agencies Equifax Canada and TransUnion Canada.
- Check the domain name shown as the link in the e-mail. When you click the link, if it does not match the name that appears in the browser at the top of the screen, then it may be a fraudulent website.
- On the Internet, whenever entering personal information, ensure that you are using a secure website. Look for “https://” rather than just “http://” in the address bar of your Web browser as well as a closed padlock in the bottom right corner of your browser.
- Make sure that your home computer is protected. Install anti-spam, anti-spyware and anti-virus software and make sure they are always up-to-date. You should also install a personal firewall to act as a barrier to viruses and other external attacks and check for operating system patches and upgrades on a regular basis.
What should you do if you receive a fraudulent e-mail?
If you receive a phishing e-mail, there are two things you should do: report it and delete it.
By reporting any fraudulent e-mails you receive to the bank or other company being spoofed, you can help us prevent other people from falling for e-mail fraud. Click the links below to find out how to report e-mail fraud to a bank.
The best way to protect yourself from e-mail fraud is to recognize it for what it is: a scam. Once you’ve reported the fraudulent e-mail, delete it. Do not reply or click on any link in the e-mail.
If you think you have provided your personal information in response to a fraudulent e-mail, you should immediately report it to your bank and to your local police.
Did you know?
The CBA offers a free fraud prevention seminar for seniors as part of its Your Money Seniors financial literacy seminar program.
Find out more and request a seminar for your seniors’ group at www.yourmoney.cba.ca/seniors.