Several people have contacted the police over the past few months to report that they have been receiving e-mails from various financial institutions asking them to ?confirm? or ?verify? their accounts. In this world of internet scams, this is yet another one.
There are two things that make these scams believable. The websites look legitimate. In fact they mimic the company website right down to the logos. The only difference is the website address. The fake website has an additional letter or number in the address line, and this takes you to worlds unknown.
In addition, we want you to be aware of the more common techniques that are being used to steal personal and financial information.
What is Phishing? Phishing is a type of fraud that is designed to trick individuals into disclosing confidential and financial information for the purpose of identity theft.
How it Works. You receive an unsolicited e-mail appearing to be from a legitimate and reputable company, like RBC Financial Group.
The e-mail may raise concerns that your account information is out of date or that you have received money. There is usually a sense of urgency and there may be a consequence associated with the request. For example, you are asked to validate your account information in order to prevent it from being suspended or terminated.
You are asked to take action by following instructions that usually involve having you click on a link that takes you to a fake Web site. The fake Web site appears valid, often complete with a legitimate company?s brand name and logo. Often the link and the URL address of the fake Web site look very similar to the URL address used by the real Company that is being spoofed.
You are asked to provide or update your personal and financial information by completing an online form or by responding to the e-mail directly. You may be asked to provide a variety of information such as credit card numbers, account numbers, passwords, date of birth, drivers licence number, and social insurance or social security numbers.
Once the information is provided, it is captured by the fraudster who may use it to gain access to accounts or to steal your identity.
Tips to Help You Spot and Avoid a Phishing Scheme. As a general rule you should not provide your confidential and financial information over the Internet in response to unsolicited requests you receive.
At RBC, we will never ask you to provide us with sensitive information such as your account numbers, PINs, passwords, Social Insurance number or Social Security number through regular e-mail. We will also never send you an e-mail requesting that you visit a Web site to provide us with that information. If you receive such a request, do not respond and contact us immediately.
Here are some additional tips to help you spot and avoid a potential phishing scheme:
If you don?t know the source of an e-mail or if it looks suspicious in any way, do not open it. If the e-mail appears to have been sent by any of the RBC Financial Group companies, that you are suspicious of, please contact the financial institution immediately.
Just because an e-mail or Web site appears to be from a legitimate company doesn?t mean it is. Phishing schemes are designed to look
real and fraudsters will often use logos, trademarks, or even the entire look and feel of a valid Web page to trick users into believing that it is genuine. Inspect any trademarks or logos that are used in the e-mail or Web site. If the image appears to be different or distorted, the e-mail or Web site is likely a fake.
Phishing schemes sometimes contain misspelled words. Look for these either in the message or in the hyperlink if one is provided.
Avoid responding to an unexpected Web page or pop-up window appearing to be from a legitimate company that requests that you provide confidential information for a purpose that seems legitimate, e.g. to prevent a security threat or to validate an account, as it is likely a fake.
Never click on a link contained in an e-mail that you suspect may be fraudulent. The link could take you to a fake Web site or initiate the installation of unwanted software onto your computer.
If you have a relationship with the company mentioned in a suspect e-mail and you wish to call them to verify the request, do not use any telephone numbers provided in the e-mail message, as they may be fake as well.
Always be suspicious of Web pages containing forms that collect confidential information, and do not use standard security features such as SSL encryption. Whenever you submit confidential or financial information online, always ensure that the Web site you are communicating with is secure. You can check the security of a Web page by looking for a security symbol such as a closed padlock in your browser screen. You can also check the URL in the browser address bar. It should start with ?https:? rather than just ?http? as this signifies that the session is encrypted.
Always follow safe computing practices.
How to Report a Suspicious E-mail or Web site Fraud.
If you receive an e-mail that appears to have been sent by any financial institution, that you are suspicious of, please contact the institution immediately.
If You Believe You have been Victim of a Phishing Scheme.
If you believe you have been a victim, or are a potential victim of a ?Phishing,? fraud scheme please contact Phone Busters by calling 1-888-495-8501 or e-mail at firstname.lastname@example.org. Phone Busters is a division of the Ontario Provincial Police (OPP).
If you live in the U.S. please contact your local authorities as well as the FTC (Federal Trade Commission) at 1-877-438-4338 in addition to contacting Phone Busters.
You may also visit the ?Protecting Your Identity? section of this Security Web site for further information on ?Things You Should Do If You Suspect You Are A Target?.
Things You Should Do If You Suspect You Are A Target:
File a report with the police immediately. Ask for a copy so that you can provide the evidence to the various companies you have to contact.
Contact all creditors with whom you deal with and review your financial information.
Cancel your credit cards and get new ones issued. Obtain details from the creditors about accounts tampered with or fraudulently opened in your name.
Contact the Credit Bureau. If you live in Canada, contact Equifax Canada Inc or the Trans Union?s Fraud Victim Assistance Department and ensure your file is marked to reflect the identity theft. If you live in the Unites States, please contact the US Trans Union?s Fraud Victim Assistance Department.
Close your bank accounts, open new ones and change your Client Card Personal Identification Number (PIN).
Advise your cable company and all utility and telephone companies that someone may be using your name and could try to fraudulently open new accounts.
If you live in Canada, advise the Ministry of Transportation (Driver?s Licence, Vehicle Licence), Human Resources Development Canada (Social Insurance Number) and the Passport Office of the situation.
If you live in the United States, you should call 1-877-IDTHEFT (434-4388) and obtain a copy of ?When Bad Things Happen to Your Good Name? from the US Federal Trade Commission.
Cpl. Kurt Peats
NCO i/c Tumbler Ridge Detachment
315 Founders Street, PO Box 710
Tumbler Ridge, BC V0c 2W0