The word phishing comes from the analogy that Internet scammers are using email lures to ‘fish’ for passwords and financial data from the sea of Internet users.
Phishing, also called “brand spoofing,” is the creation of email messages and Web pages that are replicas of existing, legitimate sites and businesses. These Web sites and emails are used to trick users into submitting personal, financial, or password data. These emails often ask for information such as credit card numbers, bank account information, social insurance numbers, and passwords that will be used to commit fraud.
The goal of criminals using brand spoofing is to lead consumers to believe that a request for information is coming from a legitimate company. These phishing attempts can also be done by phone by criminals posing as bank employees.
In reality it is a malicious attempt to collect customer information for the purpose of committing fraud.
Warning signs – How to protect yourself
- Do not reply to any email that requests your personal information.
- Look for misspelled words.
- Do not give your banking information to anyone calling you purporting to be from your bank. Take down their number, hang up, and call the bank according to their contact info on their website.
- Contact the financial institution immediately and report any suspicions of email or telephone phishing.
Variations That Will Rob You HUGE
One type of wire fraud currently targeting businesses is the Business Executive Scam (BES), which is a type of phishing. The potential victim receives an email that appears to come from someone of authority within the company (e.g. CEO, CFO). Fraudsters create email addresses that mimic those of others in the company. An email message will be sent to the CFO advising that the “executive” is working off-site and has identified an outstanding payment that needs to be made as soon as possible. The “executive” instructs the payment to be made and provides a name and a bank account where the funds, generally a large dollar amount, are to be sent. Losses are typically in excess of $100,000.
Financial Industry wire frauds occur when Canadian financial institutions and investment brokers receive fraudulent email requests from what they believe to be an existing client. Unbeknownst to them, the email account of their client has been compromised. A request is sent by the fraudster to the financial institution/investment broker to have money transferred from “their” bank account usually to a foreign bank account.
This month alone, Presidents at 3 of our clients reported that members of their staff received emails from them to wire money. Thankfully, their staff spoke to these Presidents to confirm the instructions, which were found to be fraudulent.
Unfortunately, not everyone is lucky enough to have such suspicion in their professional circles. Last week a client told me he knows someone whose accountant wired $75,000 of his client’s money after receiving email instructions from his client—an email that turned out to be fraudulent. Are you wincing as much as I am? Yes, the accountant should have known better by picking up the phone to confirm the instructions verbally with his client, but he didn’t, and cost his client $75K.
This Fraud Can Happen To ANYONE Unsuspecting
Learn The Warning Signs & How To Protect Yourself
- Beware of unsolicited emails from individuals or financial institutions presenting an urgent situation requiring immediate attention.
- Prior to sending any funds or product requested by email, make contact with the sender by telephone to confirm that the request is legitimate.
- Watch for spelling and formatting errors and be wary of clicking on any attachments, as they can contain viruses and spyware.
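The warning signs above, together with the mimicked executive addresses described for the Business Executive Scam, can be checked automatically on incoming mail. The following is an added example, not part of the original article; the company domain, executive names, pressure terms and sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only (none come from the article).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}
PRESSURE_TERMS = ("as soon as possible", "urgent", "immediately", "wire", "payment")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bes_flags(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain != COMPANY_DOMAIN:
        if edit_distance(domain, COMPANY_DOMAIN) <= 2:
            flags.append("lookalike-domain")
        if name.lower() in EXECUTIVES:
            flags.append("executive-name-on-external-address")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        flags.append("reply-to-differs-from-sender")
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()
    if sum(term in text for term in PRESSURE_TERMS) >= 2:
        flags.append("urgent-payment-language")
    return flags

# Constructed sample message, not a real email.
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
To: cfo@example.com
Subject: Outstanding payment

I am working off-site. Please wire the payment as soon as possible.
"""

if __name__ == "__main__":
    print(bes_flags(SAMPLE))
```

Any flag is a reason to confirm the request by telephone before funds move; an empty list does not prove a message is genuine, since a compromised real account passes every check here.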
Phone number spoofing
If you receive a call and the call display shows a phone number of 123-456-7890 or 777-777-7778 (or any other strange combination of numbers), this is a phone number that has been programmed into the system so your call display indicates a different number than the originator’s. Although this does not mean the offer you are receiving is illegal, you should certainly have a “red flag” approach to any offer.
Why would a legitimate company try to obscure their identity?
Automated dialers
The phone is ringing but no one is there when you answer.
Your phone may have a technical problem but you may also be receiving calls from an automatic dialer that logs the time the phone is answered. A telemarketer uses the information to indicate when a person will be at your number to answer the phone. For more information on Automatic Dialers you can research the CRTC web site.
Unsolicited service calls – general services
Any false, deceptive or misleading promotion of services or solicitation for services. These scams typically involve third parties that make offers for telecommunications, internet, finance, medical and energy services. This category of scams may also include, but is not limited to, offers such as extended warranties, insurance and sales services.
If you have received an unsolicited telephone offer or a card in the mail you should use the “buyer beware” philosophy.
Warning sign(s) – How to protect yourself
- Credit card charges from foreign banks appearing on your statement ranging from $35.00 to $469.00.
- Do you already have an existing warranty?
- Have you checked with your car dealership?
- How is the offer worded – does it make sense? Is it realistic?
- Research on the internet.
Unsolicited computer repair services
Generally, this scheme involves company representatives calling individuals and stating, for example, that it is Microsoft calling and that their computer is running slow or has viruses. They offer to repair the computer over the internet, which can involve the installation of software or the customers allowing the representatives remote access to their computer.
A recent variation reported to the CAFC involves suspects identifying themselves as the Canadian Cyber Incident Response Centre and taking a more aggressive approach with individuals, stating that their computer is being used by hackers and that they will be held responsible if they do not allow the suspect to repair their computer.
Allowing a third party to download software or remotely access a computer carries inherent risks. Keyloggers or other malicious software could be installed to capture sensitive data such as online banking user names and passwords, bank account information, identity information, etc.
Warning sign(s) – How to protect yourself
- Unsolicited call from someone claiming to represent a computer repair company (e.g. Microsoft) or the Canadian Cyber Incident Response Centre.
- Caller requesting remote access to your computer or for you to view your event viewer.
- Urgent solicitation indicating there is a threat to your computer.
- Protect your network and computer with anti-virus software, spyware filters, email filters and firewall programs.