All fraudsters have their tools of the trade. In order for their fraud to be successful, they require a way to communicate with their potential victims. To better prevent fraud from the very beginning, Fraud Prevention Month 2020 (#FPM2020): Show Me The Fraud uses its weekly themes to breakdown the top contact methods and provide the best practices to stay safe. For week 2, we’re looking at fraud initiated by email or text message.
Consumers have become increasingly available to fraudsters by accepting emails and text messages on their mobile devices which they carry with them at all times. While direct calls may still be the #1 contact method fraudsters use, consumers are victimized much more often from frauds initiated by emails and text messages.
Masking: Like Caller ID spoofing, fraudsters are able to altered the sender’s information to display the name, phone number or email they want you to see. In emails, you should be able to hover over the sender’s name to reveal the sender’s real email address.
Automation: Automated or scheduled emails and text messages were designed to help businesses save time by quickly and simultaneously engaging with their contact list. Fraudsters use the same applications and services to instantaneously message their lists. They can choose who the messages go to, decide when to send them and even personalize them depending on the information they have previously collected. Fraudsters may also setup autoresponders to send delayed messages for when consumers reply back.
Email Compromise: When fraudsters gain access to email accounts, they will likely impersonate the victim to attempt fraud. With consumer accounts, fraudsters may send an email to the victim’s entire contact list asking for money urgently due to an emergency. With business accounts, fraudsters may setup an email forwarding rule to receive a copy of all incoming emails to their own email account. They will comb through the information and impersonate the business when the timing is right. The fraudsters may send a repeat invoice to clients asking them to submit their payment to an updated bank account. They may also impersonate an executive and request payments be made from staff members for various reasons. The success of these frauds depends on the fraudsters’ ability to mimic the victim.
Best Practices – How to Protect Yourself
- Beware of unsolicited emails and text messages. Delete them.
- Do not open messages that claim to be from businesses or organizations with which you do not have an existing relationship.
- Most businesses and organizations have personalized domains. Meanwhile, fraudsters will use readily available and free domains (ie. @outlook, @hotmail, @gmail, @yahoo, @me, etc) for their email addresses.
- Take the time to analyze the sender’s email address by hovering over the sender’s name or visible emailaddress. Sometimes, fraudsters will purchase domains that are very close to legitimate ones. It may be as simple as changing an ‘m’ with ‘rn’.
- If an email or text message includes a sense of urgency, this is a telltale sign of fraud.
- Review the message for spelling, grammatical errors, unusual language or branding that isn’t quite right.
- Do not click any links or attachments if you are unsure of the sender’s identity.
- If you clicked a link and it requests personal or financial information, close the internet browser.
- If you’ve provided personal or financial information, follow the RCMP Victim Assistance Guide (http://www.rcmp-grc.gc.ca/scams-fraudes/victims-guide-victimes-eng.htm).
- Financial institutions and government agencies will not request personal or financial information through email or text message.
- If the message seems to be coming from one of your contacts but something doesn’t feel right or sounds too good to be true, contact them through a different communication method.
- If you are still unsure if the message is legitimate, call the supposed sender at a recognized phone number.
If you think you or someone you know has been a victim of fraud, please contact the Canadian Anti-Fraud Centre at 1-888-495-8501 or report online at www.antifraudcentre.ca.
This document is the property of the CAFC. It is loaned to your agency/department in confidence and it is not to be reclassified, copied, reproduced, used or further disseminated, in whole or part, without the consent of the originator. It is not to be used in affidavits, court proceedings or subpoenas or for any other legal or judicial purposes. This caveat is an integral part of this document and must accompany any information extracted from it.