12.1.11 Detect fraud and scams

From: Financial Consumer Agency of Canada

The good news: You can learn how to spot the warning signs of fraud before you get taken in. Click on the examples to see how.


Phishing email
Example of phishing email

From: ABC Bank info@abcbank.com

Subject: Your account – Security breach

Date: 6 June, 2012 4:14:05 PM EDT

To: John Doe john.doe@anywhere.com


Dear Customer,

Due to a recent security breach in the ABC Bank computer systems, we are asking all customers to immediately update their client profile using the link below and immediately report any unnoticed information changes, unexplained funds depletion or the likewise. Rest assured that we have the safety and privacy of our customers as our top priority but please help us by following the instructions below:

Update and verify your information by clicking the link below:


If your account information is not updated within 48 hours, then any complaints will be dealt with as a separate incident from this security breach. Please update your profile as soon as possible.


The ABC Bank Team


Warning signs:

  • The email may not be addressed directly to you, but may say something like "Dear customer."
  • The email has a sense of urgency and pressures you to act immediately.
  • When you click on the link, you are asked to provide your personal identification number (PIN) or password online. No legitimate company would ask you to do this except on your regular log-in page.
  • There is no padlock or security lock icon on the log-in page indicating that it is a secure site.
  • The website address begins with "http" rather than "https" – the "s" stands for "secure."
  • There is no way to reply or contact the company directly.
  • The website address, email and website are not exactly the same as those of your financial institution.
  • Other links on the page may not work.
  • Often there are errors in spelling and grammar. (This is not always a red flag for fraud, but it should alert you to watch for other signs.)

What to do:

  • Do not give personal financial information by email
  • Do not enter personal financial information on a website unless you know it is secure and legitimate.
  • If in doubt, check the website address by moving your computer mouse over the link. Usually a URL different from that of the real financial institution will appear.
  • Contact the bank directly to notify them that you have received this email. Then delete the email.

Phone solicitation 


Telephone rings.

Voice 1: Hello.

Voice 2: Hello. It’s John here. I’m calling from ABC Bank about the new credit card you applied for.

Voice 1: Oh, yes. I was wondering why it hadn’t arrived yet.

Voice 2: That’s why we’re calling. As part of our new security procedure, I need to update our records and make sure the card goes to the right address. This will just take a minute.

Voice 1: Okay. What do you need to know?

Voice 2: Can you tell me your full address?

Voice 1: Yes, it’s 1234 Main Street, Vancouver, V1B 2C3.

Voice 2: Great, that matches our file. And your date of birth?

Voice 1: June 1, 1980.

Voice 2: Great. And what accounts do you have with the bank?

Voice 1: I have a chequing account and a savings account. And the credit card, of course.

Voice 2: Okay. Do you know your telephone password?

Voice 1: Uh, is it XYZ123?

Voice 2: Yes, that’s perfect. Finally, do you know the PIN on your credit card?

Voice 1: Yes, it’s 1357.

Voice 2: Thank you. That’s all I need. I’ll authorize the release of your card now, and you should receive it in a few days.

Voice 1: Thank you. Goodbye.

Hang up.

Voice 1: Hmm. That’s odd. The bank has all that information. I think I’ll call them and find out if they really need that information before they send out a new card.

Telephone transition noise.

Voice 1: I can’t believe it. You mean I gave all that information to someone who stole my new credit card from my mail? I’ll have to cancel my card right away, and change my banking password. And I’ll have to notify the credit agencies to put an alert on my file.


Warning signs:

  • You are asked for information the bank would already have (such as your address, bank account number and date of birth).
  • You are asked to give your password and PIN over the phone.
  • The "bank" claims to need your personal information before issuing your credit card. In fact, you would have provided all the necessary information when you applied for the card, and there should be no conditions or delays in sending it to you.

What to do:

  • Do not give personal information over the phone unless you have made the call and are sure about whom you are talking to.
  • Notify your financial institution right away.
  • Notify Canada's credit bureaus, Equifax Canada and TransUnion Canada.

Debit card fraud

Warning signs:

  • A store clerk swipes your card repeatedly, especially out of your sight.
  • A store clerk or other customer looks over your shoulder—called "shoulder surfing"— to obtain your PIN.
  • The card reader looks damaged or altered.

What to do:

  • Do not let anyone swipe your credit or debit card out of your sight.
  • It may be hard to tell if a credit or debit card skimmer has been installed on a bank machine. To be safe, always shield the keypad when you enter your PIN.
  • If you think your card has been skimmed or the information copied, contact your financial institution, your local police or the Royal Canadian Mounted Police (RCMP), and the Canadian Anti-Fraud Centre.
Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: