Types of Scams

Red Flags:

• Look out for minor variations of email addresses and domain names
  • For example, example.com becomes exampie.com
  • Note legitimate email addresses can also be taken over and used for fraud purposes
• Wire transfer requests that contain changes or updates to wire beneficiary details (e.g. beneficiary name, bank account number, bank name/location, and currency).
• The sender is applying a sense of urgency to the transaction and is pressuring the employee to transact quickly
  • Know the signs of social engineering, such as creating a sense of urgency or fear, or creating an expediated timeline for completion
• The request is often marked as “highly confidential” in order to maintain secrecy
• The requested transactions are inconsistent and/or out of the ordinary for normal course of business
• The email contains variations in tone, phrasing, terminology, writing style, and language that is different from past email correspondence with the same individual.
• The request contains spelling mistakes or grammatical errors
• The transaction request is occurring prior to a long weekend or holiday in hopes that the fraud will go undetected for a longer period
• The sender of the email indicates they can only be reached via email or by a new or unfamiliar phone number
  • Always verbally verify the request with sender using a known phone number.
• Always think before you click when it comes to suspicious links or attachments.

Example #1
John is the executive assistant to Mary, the CEO. John is aware that Mary is on vacation and may have limited access to email but can be reached by phone in an emergency. John receives an unexpected email from Mary from her existing email address with an urgent request to update a system password for the program that is used by senior leaders to manage payroll information. The email has several spelling mistakes and contains a hyperlink that the email indicates will allow Mary to remotely access the payroll system from her hotel room. As John was not expecting this email, and with the knowledge that other senior leaders could access the system internally without any remote access or password updates, John is skeptical and calls Mary at her emergency telephone number.

Red Flags:

• John receives an unexpected email from Mary while on vacation
• Email requested remote access which is out of the norm and considered suspicious
• Email has spelling mistakes
• Email creates a sense of urgency

Outcome:

Mary confirms that she has not sent this request. Mary indicates that she had recently used unsecure hotel WIFI, and afterwards received numerous unsolicited spam emails. Mary subsequently discovers that her legitimate email address had been compromised and several emails had been sent from that address without her knowledge. John and Mary decide to remove Mary as an authorized user of the payroll system until they return from vacation and has her devices scanned and cleaned.

Example #2

Daphne is the CEO of a Non-Profit Organization (NPO) and works with James, the comptroller of the NPO to coordinate bi-monthly wire transfers to a known social assistance program for grants to that program. All correspondence and wire remittance receipts are sent via email between James and the coordinator of the social assistance program, Eric. During an off-month period, James receives an email from Eric with a request to update beneficiary bank information to a different recipient bank for future wires, as well as with a request to triple the amount normally sent as part of the grant program during this off-period. The email also requests this, and future wires are sent in US Dollars, whereas all previous wires were sent in Canadian Dollars. James advises CEO Daphne, who approves the update request but asks James to re-confirm the changes, as US Dollar wires have increased processing costs. James confirms the changes with Eric using the existing email thread. Eric confirms the changes, and the wire is sent processed. One month later, the normal bi-monthly wire is sent, and James receives a subsequent email from Eric indicating that the program has not received the expected bi-monthly funds. James confirms that funds were sent using the updated bank recipient information that Eric had provided the month before. Eric then confirms that the program has not changed their banking information and did not send any emails requesting the information to be updated or additional wires to be sent.

Red Flags:

• Request was verified using the same email chain, without a verbal confirmation being completed
• Email is sent outside the normal bi-monthly contact cycle
• Email requests an update to banking information to a new and unfamiliar bank
• Email requests a significant increase in funds sent during an off-cycle
• Email requests a change in currency which is uncharacteristic for the account.
• Email uses a variation in spelling of the contact name (Eric vs. Erik)

Outcome:

James reviews the email thread and discovers that the email with the update request was sent using an email with a variation in spelling – Eric@example.com was changed to Erik@example.com in the email address and the change was not noticed. Daphne notifies their financial institution of the scam and reports the incident to police. Every effort is made to recall the wires on behalf of the NPO, but those efforts were unsuccessful.

Red Flags:

• You may be requested to complete a high-value outgoing wire, obtain a certified-funds cheque, or send E-transfers to crypto/investment companies
• You may be advised to withdraw from other investment portfolios to facilitate the new investment
• Investment opportunity may be time sensitive to secure guaranteed rate
• The sense of excitement from the investment opportunity may cause you to overlook the that the investment may be too good to be true
• You have been coached to provide a cover story to your financial institution to mask the true purpose of the movement of funds. This may include home renovations, emergencies, or gifts to family members
• The investment company uses complex terminology making difficult for you to understand and explain the investment or how the investment is yielding a high rate of return
• The fee structure and withdrawal options are unclear or extremely complex
• Company or investment advisor is not registered with the Canadian Securities Administration or has little to no online presence
• All communication is done virtually via SKYPE or email
• Negative reviews with the Better Business Bureau or online

Red Flags:

• These opportunities will seem expedited by offering you the position with no interview process or pre-screening
• Scammers often steal logos, images or content from legitimate business websites to make the opportunity appear genuine.
• The fake employer may ask you for personal banking information that is usually not asked for when accepting an employment opportunity. (ex. credit card number or online banking credentials/passwords)
• Your employer does NOT need this information from you
• The job posting may not have detailed information on who to contact and most of the communication will be done via email or Skype
• These employers often pay in advance using cheque images sent via email and are often followed by a request to send the majority of funds back through E-transfer for the purchase of goods or equipment associated with the role, while allowing the employee to keep a portion as a payroll advance on employment that has not yet started
• The cheques are almost always counterfeit and will charge back leaving an overdraft on the account

Red Flags:

• Callers usually state that you have a compromised SIN number, or an outstanding case against you, and will use aggressive language to indicate tax owing, unpaid balances or claim you have committed a financial crime.
• Callers may also state that a loved one has been arrested and/or critically injured and needs immediate access to funds to pay legal costs, bail, or hospital fees
• These calls are known to be threatening and urgent. They claim that you OR your loved one will be (or may already be) arrested, fined or deported if you do not comply.
• You are usually asked to pay the fine or required funds in gift cards or bitcoin, via wire transfer, or they may ask you to send physical cash through the mail
• It is also common for scammers to send “police” to your home to pick up cash or cheques
• If you comply, the calls typically continue and escalate, and more reasons for sending additional funds will usually occur
• CRA does not allow tax refunds via e-transfer and the amount indicated is often incorrect or unexpected. The phishing site you are then redirected to asks for information that CRA should already have on file.

Red Flags:

• Scammers often prey on the emotions of those looking to be in a relationship; those who have recently suffered a loss of a loved one can be considered particularly vulnerable
• Scammers often use photos copied directly from online sources to trick the victim into believing they are speaking to that person
• An online relationship often develops quickly without meeting in person
• Requests for financial assistance usually start off slow and with smaller amounts but often escalate in frequency and dollar value
• After the first initial funds are sent, the scammer often creates more scenarios or delays that require further financial assistance and postpone meeting in person
• Scammers will often request the relationship is kept secret and not shared with family or friends
• Scammers may also request personal information to be used for identity theft at a later date

Red Flags:

• These messages often appear legitimate and may contain logos or other images of the organization they are attempting to impersonate
• Websites that you are directed to often look legitimate and mimic the actual organization’s website, but they have been set up to collect personal and financial information to be used for fraud at a later date
• Website URLs will NOT match the legitimate organization’s website
• The recipient may not be expecting to receive email or text communication from the organization
• The email or text message suggests a sense of urgency in taking action to protect your account or information
• Messaging may contain poor grammar or spelling mistakes unbecoming of a professional organization
• The notification may indicate a pending reimbursement or refunds that you are not anticipating
• Messaging may indicate clicking a link to block or unblock an account due to unauthorized logins

Red Flags:

• A familiar organization reaches out with an urgent matter that requires you to disclose significant amounts of personal or financial information
• Quite often verification of fraud transactions that have not actually occurred are used to create a sense of urgency and as a cover to request personal or financial information or access to online accounts
• Multi-factor authentication one-time passwords are often requested to “verify” access or transactions
• Call display numbers and contact information can easily be manipulated to make it appear a familiar organization is attempting to contact you. Do not use call display as a “source of truth”.
• Caller may indicate the purpose of the call is regarding pending refunds or reimbursement that requires immediate action

Red Flags:

• Pop-up messages containing phone numbers or cold calls from tech specialists requesting access to devices
• Legitimate anti-virus companies do not notify of issues via pop-up and don’t put their contact phone numbers within those messages
• Pop-up messages that indicate virus present on a device but are not found in an actual virus scan
• Tech support specialists from companies never cold call people requesting remote access to their devices
• Requests to download remote desktop software that provides remote access to the device.
• Examples include AnyDesk, TeamViewer Remote, RemotePC, GoToMyPC, Apple Remote, and BeyondTrust Remote Support
• Be wary if companies such as Amazon or Paypal request access to your bank accounts to process a refund directly. Refunds or reimbursements typically take 3-5 business to process and are normally processed using the same method as original payment
• Use caution if you are directed to login to your online accounts directly while remote access is active
• Turn off your device if you see your mouse cursor moving or other activity occurring that you are not aware of

Red Flags:

• Fraudsters can also lure you in with ‘Sponsored’ posts on social media websites that seem genuine, but when followed lead to poor quality websites.
• You have not seen the goods being purchased in person
• Urgency in sending funds in order to secure goods
• Goods sold at drastically reduced or very low prices (too good to be true)
• A sudden increase in agreed selling price or demand for additional payment

Red Flags:

• The scammer will often send an image of the cheque instead of a physical cheque
• You are asked to deposit the cheque and send a portion of the cheque proceeds to another party - often someone not associated with original transaction
• Your “portion” is often referred to as the payment or funds earned and the remaining funds used to cover shipping fees, duty, movers, storage, or income earned.
• The face of the cheque may look suspicious and reflect multiple fonts, alterations, spelling mistakes, payable from an unrelated party, or is drawn on an out-of-province company and/or financial institution
• The payor of the cheque has no obvious connection to the transaction – for example, an insurance company would likely NOT be connected to the private sale of a fridge from Facebook Marketplace
• The scammer will create a sense of urgency to deposit the cheque and move funds right away before the clearing process has completed
• Just because a cheque has been deposited, does not mean the funds are guaranteed and may be dishonored at a later date