12.1.11 Detect fraud and scams
- 12.1.1 Fraud awareness quiz
- 12.1.2 Types of fraud
- 12.1.3 Mass marketing fraud
- 12.1.4 Investment fraud
- 12.1.5 Payment scams
- 12.1.6 Credit card and debit card fraud
- 12.1.7 Video: Debit and credit card fraud
- 12.1.8 Other frauds
- 12.1.9 Why we fall for fraud
- 12.1.10 Case study: Affinity fraud
- 12.1.11 Detect fraud and scams
- 12.1.12 Signs of frauds and scams
- 12.1.13 How to spot fraud
- 12.1.14 Summary of key messages
The good news: You can learn how to spot the warning signs of fraud before you get taken in. Click on the examples to see how.
Example of phishing email
From: ABC Bank firstname.lastname@example.org
Subject: Your account – Security breach
Date: 6 June, 2012 4:14:05 PM EDT
To: John Doe email@example.com
Due to a recent security breach in the ABC Bank computer systems, we are asking all customers to immediately update their client profile using the link below and immediately report any unnoticed information changes, unexplained funds depletion or the likewise. Rest assured that we have the safety and privacy of our customers as our top priority but please help us by following the instructions below:
Update and verify your information by clicking the link below:
If your account information is not updated within 48 hours, then any complaints will be dealt with as a separate incident from this security breach. Please update your profile as soon as possible.
The ABC Bank Team
- The email may not be addressed directly to you, but may say something like "Dear customer."
- The email has a sense of urgency and pressures you to act immediately.
- When you click on the link, you are asked to provide your personal identification number (PIN) or password online. No legitimate company would ask you to do this except on your regular log-in page.
- There is no padlock or security lock icon on the log-in page indicating that it is a secure site.
- The website address begins with "http" rather than "https" – the "s" stands for "secure."
- There is no way to reply or contact the company directly.
- The website address, email and website are not exactly the same as those of your financial institution.
- Other links on the page may not work.
- Often there are errors in spelling and grammar. (This is not always a red flag for fraud, but it should alert you to watch for other signs.)
What to do:
- Do not give personal financial information by email
- Do not enter personal financial information on a website unless you know it is secure and legitimate.
- If in doubt, check the website address by moving your computer mouse over the link. Usually a URL different from that of the real financial institution will appear.
- Contact the bank directly to notify them that you have received this email. Then delete the email.
Voice 1: Hello.
Voice 2: Hello. It’s John here. I’m calling from ABC Bank about the new credit card you applied for.
Voice 1: Oh, yes. I was wondering why it hadn’t arrived yet.
Voice 2: That’s why we’re calling. As part of our new security procedure, I need to update our records and make sure the card goes to the right address. This will just take a minute.
Voice 1: Okay. What do you need to know?
Voice 2: Can you tell me your full address?
Voice 1: Yes, it’s 1234 Main Street, Vancouver, V1B 2C3.
Voice 2: Great, that matches our file. And your date of birth?
Voice 1: June 1, 1980.
Voice 2: Great. And what accounts do you have with the bank?
Voice 1: I have a chequing account and a savings account. And the credit card, of course.
Voice 2: Okay. Do you know your telephone password?
Voice 1: Uh, is it XYZ123?
Voice 2: Yes, that’s perfect. Finally, do you know the PIN on your credit card?
Voice 1: Yes, it’s 1357.
Voice 2: Thank you. That’s all I need. I’ll authorize the release of your card now, and you should receive it in a few days.
Voice 1: Thank you. Goodbye.
Voice 1: Hmm. That’s odd. The bank has all that information. I think I’ll call them and find out if they really need that information before they send out a new card.
Telephone transition noise.
Voice 1: I can’t believe it. You mean I gave all that information to someone who stole my new credit card from my mail? I’ll have to cancel my card right away, and change my banking password. And I’ll have to notify the credit agencies to put an alert on my file.
- You are asked for information the bank would already have (such as your address, bank account number and date of birth).
- You are asked to give your password and PIN over the phone.
- The "bank" claims to need your personal information before issuing your credit card. In fact, you would have provided all the necessary information when you applied for the card, and there should be no conditions or delays in sending it to you.
What to do:
- Do not give personal information over the phone unless you have made the call and are sure about whom you are talking to.
- Notify your financial institution right away.
- Notify Canada’s two main credit bureaus, Equifax Canada and TransUnion Canada.
Debit card fraud
- A store clerk swipes your card repeatedly, especially out of your sight.
- A store clerk or other customer looks over your shoulder—called "shoulder surfing"— to obtain your PIN.
- The card reader looks damaged or altered.
What to do:
- Do not let anyone swipe your credit or debit card out of your sight.
- It may be hard to tell if a credit or debit card skimmer has been installed on a bank machine. To be safe, always shield the keypad when you enter your PIN.
- If you think your card has been skimmed or the information copied, contact your financial institution, your local police or the Royal Canadian Mounted Police (RCMP), and the Canadian Anti-Fraud Centre.
Report a problem or mistake on this page
- Date modified: