A fraudster’s toolbox

Fraudsters use different tactics combined with evolving technology and are always trying new ways to steal personal information and money from Canadians.

We’re exposing some of the common tools in a fraudster’s toolbox and offering tips to help you recognize these schemes and protect yourself from falling victim.

Spoofing

Fraudsters use spoofing SpoofingA website or email address that is created to look like it comes from a legitimate source. An email address may even include your own name, or the name of someone you know, making it difficult to discern whether the sender is real. , as a type of phishing PhishingAn attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing, a specific, usually well-known brand, usually for financial gain.  scheme, to trick users into thinking they’re communicating with a legitimate source. They change their caller-ID displayed on phones, send convincing information in messages and create emails impersonating someone you know to trick you into offering them personal information.

Tip

If a caller is asking for your personal information, hang up and call the official phone number of the legitimate source. For email and message spoofing, hover your mouse over the sender’s email address and look closely for differences in the address.

Urgency

Fraudsters often use urgent language, like “act fast” or “click now”, to trick you into sending money, personal information or clicking on malicious links before considering whether the request is suspicious.

Tip

Real emergencies don’t happen over messages. Pause to think about whether the call or message seems suspicious and contact the source another way for confirmation.

Emotional manipulation

Fraudsters play on emotions to trick you into believing their story to send them personal information or money. They practice this by pretending to be a romantic interest, family member or charity, or by pretending to be involved in an emergency situation.

Tip

Be suspicious of anyone you meet online that claims their love or friendship to you, tells you a traumatic story or makes you feel uncomfortable. No matter how much time is invested in the online relationship, it is important to stay wary if they ever ask for personal information or money.

Threats

If you don’t comply with their demands, a fraudster may threaten you or your family members with an arrest, physical or financial harm, or the release of sensitive information or pictures.

Tip

If you get a threatening call or message, hang up or delete it. If you feel you need to verify the legitimacy, contact the organization handling the supposed threat.

Pop-ups

Fraudsters use pop-ups that appear on your device screen saying you’ve won a prize or that your device is infected, to trick you into clicking on a link LinkSee Hyperlink. or calling a phone number. These scams are trying to trick you into offering up personal information or installing malware MalwareMalicious software ("malware") designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. It can: • Intimidate you with scareware, which is usually a pop-up message that tells you your computer has a security problem or other false information. • Reformat the hard drive of your computer causing you to lose all your information. • Alter or delete files. • Steal sensitive information. • Send emails on your behalf. • Take control of your computer and all the software running on it. on your devices.

Tip

Protect your device by installing anti-virus VirusA computer program that can spread by making copies of itself. Computer viruses spread from one computer to another, usually without the knowledge of the user.  Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over the infected computer. protection and pop-up ad blockers. Clear your cache CacheA component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. The term cache often refers to the browser cache, which records the most recently downloaded web pages. and block BlockTo stop a computer from reaching something on the internet, or, on social media, to stop a user from contacting you. cookies frequently and avoid using public wi-fi Wi-FiWi-Fi refers to a set of wireless communication protocols that can transmit traffic to Wi-Fi enabled devices within a local area. A Wi-Fi enabled device such as a laptop or tablet can connect to the internet when within range of a wireless network connected to the internet. An area covered by one or more Wi-Fi access points is commonly called a hotspot. or unsecure networks. Never call a phone number or click on a link provided in a pop-up.

Search engine optimization

Fraudsters can optimize their websites to appear in the top results of an online search. Their malicious websites can appear as legitimate sources to trick you into offering personal information or downloading malware.

Tip

Don’t assume the top results mean legitimacy or quality. Fraudsters will often create websites that look official but will change one letter or have a slightly different domain. Always verify the link and contact information.

Links and attachments

By sending out mass phishing messages with malicious links and attachments, fraudsters can almost guarantee they will catch a victim who clicks on one. These links and attachments can download DownloadTransmission of data from a remote computer system onto a local computer system. malware onto your devices or send you to malicious sites.

Tip

Don’t click on a link sent to you in an email, text message or message on social networking sites. Navigate to the site through your own search engine Search engineA program that enables users to locate information on the internet. Search engines use keywords entered by users to find websites which contain the information sought. and use the contact information from your search to contact the company to verify the legitimacy of the sender before downloading attachments.

Impersonation

Fraudsters research and learn about individuals and their connections to better impersonate them for more targeted scams, like spear phishing Spear phishingThe use of spoof emails to persuade people within an organization to reveal their usernames or passwords. Unlike phishing, which involves mass mailing, spear phishing is small-scale and well targeted. .

Tip

Don’t trust that a message is from who the sender says they are, especially when it comes with a request to click a link or download a file. The impersonator might offer very convincing information to seem legitimate, but always verify the sender through another source.