Scams in Canada Are on the Rise
I’m an avid movie streamer, and it’s not unusual for me to receive emails from Netflix about things to watch. So a new message about updating my account information didn’t seem out of place—especially as it featured the familiar red Netflix logo. Here’s what the email looked like:
We were unable to validate your billing information for the next billing cycle of your subscription. therefore we’ll suspend your membership if we do not receive a response from you within 48hours.
Obviously we’d love to have you back, simply click restart your membership to update your details and continue to enjoy all the best TV shows & movies without interruption.
We’re here to help if you need it. Visit the Help Center for more info.
–The Netflix Team
But on closer inspection, the tone seemed a bit off (why so urgent?) and I noticed a typo (“48hours”). I promptly deleted the message without clicking the links, then blocked the sender.
This common “phishing” scam is engineered to trick the recipient into providing their credit- or debit-card number, bank details or Netflix password. Through email (often with questionable grammar), texts, social media requests or phone calls, cybercriminals are doing everything in their power to deceive and defraud you. Around the world people are falling victim to data breaches, viruses and ransomware (when you’re locked out of your computer unless you pay to regain access).
Cybercriminals are often linked to attacks from China and Russia (often state sponsored), India (where many call centres are located) and parts of Africa (Nigerian prince, anyone?). That’s because it can be difficult to find and charge perpetrators in those places. But the attacks can come from anywhere.
Cybersecurity experts at Symantec say the United States experiences the most cybercrime. In 2021, it cost Americans older than 50 nearly US$3 billion, a 62 percent increase from the prior year, according to the FBI’s Internet Crime Complaint Center. In fact, the number of victims could be much higher, in part because many are seniors who may not know how to report it, or even that they have been scammed at all.
In Canada, about C$379 million was lost to scams and fraud in 2021 for all age groups, an increase of 130 percent compared to the year prior, according to the Canadian Anti-Fraud Centre. The U.K. has been hit hard, too, with more than £1.3 billion gained by cyber-scammers in 2021, says UK Finance, which represents the banking and finance industry there. About 40 percent of it was obtained by fraudsters convincing people to pay into a bank account.
The problem is getting worse. According to Cybersecurity Ventures, a New York-based publication, global cybercrime is expected to balloon to US$10.5 trillion annually by 2025, up from $3 trillion in 2015. If it were measured as a country, cybercrime would be the world’s third-largest economy, after the United States and China and ahead of Japan, Germany, the U.K., India, France, Italy and Canada.
Reasons are varied, but many cybersecurity experts cite the pandemic as a catalyst, when much of the world was forced to work from home, often without the same security protocols as they have at the office. This made it more likely that computer viruses would be let in, says Vishnu Varadaraj, a senior director at software-security company McAfee Canada.
“The shift to us relying more on online services made it a lot easier for cybercriminals to attack,” adds Varadaraj. The number of ways they could take advantage of us increased, he says, especially as we’re using more devices to access online accounts for things like banking, shopping and social media apps.
Read on for some of the widespread scams in Canada right now.
The Most Common Scams in Canada
Phishing and Smishing
No respectable company or government department will email to ask you to confirm your identity by filling out forms. These authentic-looking emails are often referred to as “phishing”—luring you to a phony website to input information. (When these come via text message, experts refer to it as “smishing,” for “SMS phishing.”)
An email could have a logo like that of your bank or credit-card company. The message says that someone is trying to access your account, and that you need to log in immediately and change your password. But, unknown to you, the link you click takes you to a fake website, and your current password and private financial information go to the fraudsters. Money can now be withdrawn from your account or applied to your credit card. You may then be locked out because the criminals may have changed your password.
In 2022, a Victoria, B.C., resident (who prefers to remain nameless) was cheated out of tens of thousands of dollars by a fraudster who sent an email appearing to be from PayPal. The victim was duped into sharing financial details, which were then used to purchase nearly C$50,000 in Bitcoin. Electronic forms of payment like cryptocurrency, gift-card codes and money orders are popular among cyber-criminals because they require no in-person interaction, are difficult to trace back to the fraudster and can be accessed from around the world.
Never click on links or attachments in an email asking you to confirm your details. When in doubt, contact the company or organization to ask if it was really them. Use a phone number that you look up yourself; do not use any number provided in a voicemail or call.
Here’s how one man fell for an email scam—and you could too.
Vishing
Don’t trust anyone phoning to tell you they’re from the tax department, a bank, your internet service provider or a “tech support” department. Even if you recognize the number, these things can be easily spoofed.
“This ‘voice phishing,’ or ‘vishing,’ scam can be very convincing and threatening,” warns Theresa Payton, a renowned cybersecurity expert who served as the first female White House chief information officer from 2006 to 2008. Based in Charlotte, North Carolina, Payton is the CEO and founder of Fortalice Solutions LLC, a cybersecurity and business-intelligence operations company, and is the author of several books on cybersecurity.
A popular phone scam goes something like this: “I’m calling from Microsoft. We’ve had a report from your internet service provider of serious virus problems on your computer. Can I help?” They’ll tell you the problem means you could be without internet access if the issue isn’t resolved.
They may give you instructions for granting them access to your computer from wherever they are—and they take control over your mouse and keyboard as if they were sitting in front of it. The fraudster then collects your data, either immediately or by installing hidden software that can send them information.
Seniors are often, but not always, the victims, though more members of Generation Z (born after 1997) are falling for vishing and online scams in Canada. The cybersecurity firm Security Intelligence cites data from Social Catfish, an online dating investigation service, claiming that the number of online-scam victims aged 20 and younger increased 156 percent between 2017 and 2020 in the United States.
In the U.S. alone, phone-related scams cost Americans a staggering US$39.5 billion between March 2021 and March 2022 according to Truecaller, an app that identifies and blocks spam calls and texts. This was the highest amount recorded since this annual report, done in partnership with The Harris Poll, began in 2014.
Fraudsters calling U.S. phone numbers may claim they’re with the Internal Revenue Service (IRS), says Payton, using fake names and I.D. badge numbers, and may demand you pay fake tax bills immediately or else face arrest or other legal action.
“If you have caller ID, it may even look like it’s from a bank or the IRS, as I recently experienced,” Payton adds. “So just know that there are certain things your bank or the government will never do—and that’s call, email or text you and tell you that you’re going to be fined or arrested if you don’t do this or that.”
If you ever hear this four-word phrase when you answer the phone, hang up immediately.
Ransom Emails
Another scenario is when your passwords are held for ransom if you don’t pay up. This kind of extortion message was received by Bob Lotich, a Franklin, Tennessee, educator and personal-finance expert. “The password that I had used on hundreds of sites was sitting there right in the subject line,” Lotich wrote on his blog. “The email explained that they not only had my password but had hacked into my webcam.”
The cybercriminals informed him that if he didn’t send US$2,900 in Bitcoin in the next 24 hours, they would attack his accounts. (Lotich did not pay up, and fortunately the threat turned out to be an empty one.)
Find out the password mistakes everyone makes.
Special Occasion and Event Scams
While scams in Canada take place year-round, fraudsters often tie it to something timely; maybe it’s scams around Valentine’s Day (“Click here to join this 50+ dating site”), tax season (“You’re eligible for a refund”), pandemic-related schemes (“Sign up here for free home-testing kits”) or war and natural disaster appeals (including phony charities seeking donations). For example, the CFAC says it received several reports of scams linked to Ukrainian aid in early 2022, when many Canadians were approached over social media to donate money to Ukrainian victims of the war. Instead, these funds went straight into the criminals’ pockets.
Criminals also take advantage of people in times of economic uncertainty. Facebook users in the U.S. may have seen posts last year from a group called “Southwest Air Fans” claiming to give away a pair of airline tickets if you clicked on a link to enter a sweepstakes. The perpetrators stole personal information, which led to identity theft.
“Now, with so many people concerned about money, including high fuel prices, we’re seeing a lot more fraudsters focusing on ‘cost of living’ scams such as fake giveaways, discounts and energy-tax rebates,” explains Natalie Kelly, chief risk officer of Visa Europe in London, U.K.
The U.K.’s Department for Work and Pensions has issued warnings of scam phone calls, emails and text messages where the recipient is asked to claim or apply for a payment by registering via a web link.
Here’s why you need to stop commenting on those viral Facebook memes.
Grandparent Scams
Scammers love to target seniors because they pay so well. Disturbing U.S. data published by cybersecurity company Comparitech shows that while the average loss per incident from those in their 20s was US$324, that figure jumped to $426 for victims in their 60s, $635 among 70-somethings and a staggering median loss of $1,300 among those in their 80s.
Many seniors are hit by fraudsters who send a direct message over social media or via text message posing as their grandchild asking for money due to a medical emergency, a travel problem or to buy textbooks. They glean personal details from the older person’s Facebook or Instagram photos, allowing them to craft a very believable message. The caller’s phone number looks familiar, so you’re more likely to answer (there are computer programs that let scammers choose the number they want to pop up on your phone).
Often, the “grandchild” pleads with you to not tell other relatives because they’re embarrassed or scared. Wanting to help, the grandparents send money via wire transfer to the scammer.
In March 2022, an 81-year-old in a town north of Toronto was victimized by a scammer who pretended to be their grandchild. He said he had been pulled over by police and needed money for the fine. The grandparent paid, and then came a second call, supposedly from a Royal Canadian Mounted Police officer. The “officer” validated the “grandson’s” story but said more money was needed. The man made four payments over three months—and lost a total of C$100,000.
Regardless of whether or not you are a grandparent, if you get a message like this and it appears to be from a loved one, before sending any money be sure to call the relative directly to ask if they really are in some kind of trouble.
Here are the Facebook Messenger scams to watch out for.
Romance and Catfishing Scams
Catfishing is when someone pretends to be someone they’re not. The fraudster may use a phony name and photo to court someone online, usually over social media—such as Facebook, Instagram or a dating app—with the goal of making the victim fall in love with them. Once trust is obtained, they ask the victim for money.
Rebecca D’Antonio of Orlando, Florida, says she was cheated out of US$100,000 by a man she met online via an undisclosed dating site. “Matthew” said he was a widower and a single dad, and after months of building up trust with D’Antonio over email and text messages, he persuaded her to send wire transfers by telling her he needed money for medical bills, or because he had lost his credit card.
If you get these texts, delete them immediately.
How to Reduce Your Risk
All of this may make you want to unplug and go back to the pre-digital age. But it’s reassuring to know that scams in Canada are being vigorously tackled by governments and credit-card companies.
Worldwide, Visa has invested US$9 billion in fraud prevention and cybersecurity over the past five years alone, with an investment of US$500 million in artificial intelligence, machine learning and data infrastructure. This allows monitoring of suspicious activity on your account in real time, utilizing more than 500 “risk attributes” (clues) that may indicate fraud. In doing so, Visa can identify patterns of cybercrime and work with law enforcement to find these bad actors and bring them to justice.
Visa regularly works alongside the U.S. Department of Justice, the FBI, Secret Service and Europol to help identify and apprehend fraudsters and other criminals.
During the first half of 2021, Visa and these agencies brought down the notorious FIN7 cybercrime gang, perpetrators of an international ATM cash-out enterprise—when people’s bank cards are cloned and money withdrawn from ATMs—and recovered millions of dollars laundered by organized crime.
Mastercard has invested more than US$1 billion in cybersecurity since 2018. In the past three years alone, the company has prevented US$30 billion in potential customer fraud losses. In 2020, Mastercard established the Global Mastercard Intelligence & Cyber Centre of Excellence at its tech hub in Vancouver, to accelerate innovation in the security field.
“While the elderly are a known target group, we’re also seeing fraudsters focus on the younger generation, children aged 14 through 18 who have just opened bank accounts and are tricked into giving out banking credentials on platforms like Snapchat,” says Kelly. According to figures from the U.S. Federal Trade Commission, a whopping 44 percent of people in their 20s reported losing money to fraud.
Even if you’re more tech–shy than tech-savvy, you can still protect yourself from scams in Canada. Read on to learn about a few precautions you can take against cybercriminals.
Use Strong Passwords
Your passwords should be at least seven characters and a combination of letters (upper and lowercase), numbers and symbols. Don’t include your birth year or your kids’ or pets’ names. However, a “passphrase” is a good idea; for example, “myc@tCis#1!” (derived from “my cat Charlie is no. 1”).
Most importantly, never use the same password for all of your online activity, because if a site or app is breached, then the crooks will try that same password for your other accounts. Password-manager apps like 1Password and Dashlane can help keep track of all your login information and ensure each password is secure.
If you use any of these weak passwords, you’ll want to update your settings immediately.
Limit the Information You Share
Set your social media profiles to private. If someone asks to connect with you on social media, only accept their request if you know them. Even if it’s a name and photo of someone you know, confirm it’s them by reaching out to them in another way. If it’s a fake, block and report the fraudulent message.
Double Your Efforts
For online banking and shopping apps, opt for two-factor authentication, which not only requires your password to log in but also a one-time code sent to your mobile device to prove it’s really you.
Hide Yourself
Use the “private” or “incognito” mode of your browser, which deletes your history and cookies after your session so the information is not left on the device. Better yet, consider reputable virtual private network (VPN) software to remain anonymous when online.
Rethink Your Email Accounts
The email accounts you use on social media should not be the same ones you have tied to your bank accounts, health-care information or confidential conversations you may be having, says Payton. “This is because these publicly accessible email accounts can be easily harvested using free marketing tools.”
Instead, Payton suggests using an encrypted email platform like Proton Mail. In addition, use separate phone numbers for personal use and anything tied to finances. You can get a free secondary phone number on your existing smartphone from apps like TextNow, Google Voice or Talkatone.
Shop Safely
Always use a secure internet connection—your home Wi-Fi, for example—when making an online purchase. Reputable websites use technologies such as SSL (secure socket layer) that encrypt data during transmission. (You will see a little “padlock” icon on your browser and usually “https” at the front of your address bar.) And experts say it’s safer to shop within a store’s app than the web.
Shop only on sites that take secure payment methods, such as credit cards, PayPal, Apple Pay or Google Pay. When shopping at an unfamiliar merchant’s site, look for some sort of security seal of approval, such as DigiCert, Better Business Bureau and VeriSign. On auction sites like eBay, check the seller’s reputation and read comments before buying a product.
Don’t shop (or bank) online using a public Wi-Fi hotspot—such as in a café, airport or hotel lobby—as they’re not as secure as your home Wi-Fi or a cellular connection. Instead, make a “personal hotspot” out of your phone.
Discover more tips for safer online shopping.
Protect Your Tech
To prevent viruses or other malware, install anti-malware software on your devices. It’s like placing a deadbolt on your front door and activating an alarm system. Formerly called anti-virus software, anti-malware software can identify, quarantine, delete and report suspicious activity.
The most robust products include a firewall, encryption options and webcam-intrusion detection (to prevent someone accessing your webcam).
Protection against scams in Canada is about being on guard, learning to sense when something seems suspicious and installing software, such as anti-malware, to give you peace of mind.
Based in Toronto, Marc Saltzman has been “breaking down geek speak into street speak” for more than 25 years. Follow Marc on Twitter for his “Tech Tip of the Day” posts, or subscribe to his Tech It Out podcast.
Now that you’re familiar with the most common scams in Canada, check out this expert advice on how to prevent identity theft.