As advisors, we continue to be dismayed by the increasing amount of financial fraud. Almost all of us have received email scams; increasingly, many clients are being targeted via mobile phones or social media.
According to the Canadian Centre for Cyber Security, “phishing” remains the number one technique used to steal data or infiltrate an individual’s network. This is where scammers call, text/SMS, email or connect via social media to trick victims into sharing sensitive information, providing funds or clicking a malicious link that contains malware that, once downloaded, can access a device’s information.
As such, we would like to remind you of some basic phishing situations. While these may be familiar, please pass along this article to those who may need support or use it as a basis for discussions with those more vulnerable, such as those less technologically savvy or those who may be isolated.
Phishing is often done through mass messaging that appears legitimate or from a trusted source. Here are some of the more common types of email scams, as well as actions to consider:
- Payments and Memberships — These fool you into believing you have paid for a product or membership, often of substantial value, prompting you to respond. Instead, consider checking your credit card statements to see if a charge has been made.
- Expired Subscription — A sense of urgency is created to renew an expired subscription, often using malicious links that collect your financial data. Always access subscription information through the actual account using the company’s trusted website.
- Shipment Confirmation — These suggest you have a pending delivery, often requesting payment or guiding you to open a compromised link/attachment that contains malware. If you make an online purchase, always track shipping through the confirmation provided by the vendor.
- Sweepstakes Win — These promise a prize, but often request you to send money or click a link to provide your information. Ask the question: did I enter the sweepstakes? If not, it’s likely a scam.
Phishing emails often use the actual logos of organizations to create legitimacy. However, a closer look may indicate that the source is fake:
• Doesn’t address the individual directly (i.e., “Dear customer”)
• Contains spelling/grammar errors
• Sender’s email address is generic — always view the underlying email address/domain name to check legitimacy
• Sender requests personal/confidential information or asks you to log in/click on a provided link — reputable companies never do so via email
• Sender makes an urgent request, often with a deadline
• The offer sounds too good to be true
For examples, please see: https://www.getcybersafe.gc.ca/en/resources/real-examples-fake-emails
If you are not certain if a message is legitimate, the best response is to not respond at all. Never share information with people you don’t know. Never click on links or download/open attachments on emails. And, never reply — even if you know the message is fake. Often, scams are generic mass messages; by responding, you’re confirming your number/email is active/valid and you’re likely to encounter more scams. In any situation where you may be uncertain, consider the approach of “take five, tell two” — take five minutes to pause; then tell two people, like a friend or neighbour, who can provide perspectives. If you have been a victim, report it at: https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm or https://www.getcybersafe.gc.ca/en/blogs/reporting-spam-text-messages-7726
Finally, remember that Harbourfront Wealth will never contact you via unsolicited email, text or phone call asking for sensitive information or account details. If you ever have concerns, contact the office.