You may be tech-savvy, relying on virtual assistance for what you need, and well-prepared to protect your valuable devices from all forms of malware using the best cyber security practices.
Unfortunately, not all Canadians are as aware of scamming, social engineering, and other malicious activities that lie in wait. This year, thanks to the pandemic, Canadians, like many other people, have gone online to shop, conduct business, transfer funds, and seek new clients.
In 2019, the most reported online scam include:
- Merchandise: 1414 reports were made by 1052 victims, over $1.52 million was lost
- Service: 1366 reports were made by 1018 victims, over $1.46 million lost
- Phishing: 2246 reports made by 797 victims
- Extortion: 2126 reports, 34 victims, $6500 lost
- Spear phishing: 564 reports, 329 victims. Over $1.799 million lost
- Job: 770 reports, 282 victims. $946,100 lost
Canada’s fraud prevention agency estimates that only less than 5% of victims report their occurrence to them, meaning that the real statistics may be worse.
Below is an in-depth look into these kinds of scams and how they can be avoided:
Here, criminals create and spread fake ads via email to unsuspecting clients. They use fake websites, pop-ups, and classified ad sites. The items they claim to sell can be electronics, clothing, animals, and counterfeits.
The Canadian Anti Fraud Center (CAFC) warns that if the price of an item is too good to be true, it probably is. Cybercriminals also spoof victims with phone calls and emails demanding payment through legitimate businesses like Western Union or MoneyGram.
They can also use overpayment scams in which a buyer overpays for an item and requests the seller to send the excess amount, only for the initial payment to be found not to exist.
The CAFC has singled out several service industries highly associated with service fraud, where scammers send emails and text messages and use fake websites to promote fake agencies and companies.
The isolated services include assistance with obtaining government documents and immigration, low-interest rate loans, resale, tech support, and air-duct cleaning.
The fraudsters will then deliver low-quality or risky services.
This kind of email fraud is almost as old as the concept of emailing itself.
Phishing scams use information that looks legitimate to get you to volunteer vital personal or financial information or install malware on your device. Phishing scams mimic companies like Amazon or Netflix, or your bank.
They send messages via email that direct you to a fake website address that has been coded to look exactly like the legitimate website of your bank or social media.
As soon as you input your authorization details, the gathered personal information is directed to the criminals. They may also send an email with minimal text encouraging you to click on links, which then infect your device with malware.
Here, a fraudster will coerce victims (individuals or institutions) to pay money, submit property, or offer information. The CAFC has identified tactics such as bomb threats, denial of service, access to institution resources, explicit videos, hostages, and ransomware as commonly used to threaten victims. Extortionists also use taxpayer fraud, where fake Canada Revenue Agency CRA agents claim that you committed a crime, owe tax money, or have had your SIN number compromised.
Immigration extortion scams; where Canadians are threatened by fake Immigration, Refugees and Citizenship Canada representatives to send money or risk deportation and loss of citizenship status are also common.
Asian communities in Canada have especially been falling victim of the scammers from fake courier companies, Beijing police, or other law enforcement bodies.
Scammers pretending to be legitimate businesses and organizations convince people to send them money by leveraging the relationship already existing between the businesses and the victims.
These take the forms of gift cards from high-ranking company executives requesting funds to buy employees rewards, requests to wire massive amounts of cash ($100,000 and above) to foreign accounts, and head office spoofs, where a scammer calls a franchise office pretending to be the head office and asking for wire transfers or gift card activations.
Victims working in the finance industry are also targeted where the scammer pretends to be an existing client and asks them to wire a large amount of money to a foreign account.
Supplier/contractor relationships are also vulnerable, as a criminal can pretend to be a supplier and send new bank details, requesting for invoice payments to be made to the new account.
Scammers target the unemployed or people seeking emergency response benefit because they are especially vulnerable. Unsolicited emails with job offers will come with fake and potentially risky jobs such as mystery shopper, financial agent, or car wrapping deals.
In car wrapping, the scammer convinces you to wrap your vehicle with a company logo and receive $300-$500 per week and send you a counterfeit check, a contract, plus instructions to pay a certain graphics company a certain amount of money.
A scammer may also use the fake job to ask victims to help them cash a fraudulent check then return the money received to the fraudster. Others put victims at risk of being arrested for money laundering where they convince them to use their bank account to process incoming money from criminal activities under a false ‘financial agent’ job.
How to Spot an Email Scam
- Your bank would never send an email or call you requesting PINs, passwords, debit or credit card numbers, your mother’s maiden name, or your phone number.
- Beware of emails that have a sense of urgency, e.g., the closure of your account
- Avoid opening unsolicited emails and clicking suspicious links
- If the email address is hidden or does not have the domain name of your bank, company, or the listed email for customer support, then it is a scam.
- Be careful with where you upload your resume, and research an employer to confirm that they are hiring
- Beware of greatly reduced market prices and research the market value thoroughly before purchasing
- Look for spelling errors in the product name or overall email