Laurentian Bank: Laurentian Bank of Canada.
Identity and personal information exploitation.
Identity and personal information exploitation.
This type of scheme involves stealing or misusing personal information to commit more fraud.
Smishing.
What’s smishing?
Smishing relies on fraudulent text messages that try to pressure you into sharing money, passwords or personal details. Scammers send texts that look real at first glance. They might pretend to be your bank, a delivery company or even a friend.
How to spot smishing.
These kinds of text messages have common elements. A smishing message often:
creates urgency;
is partially true, such as you are expecting a package or it is somewhere you shop;
asks you to select a link;
requests sensitive personal or financial information, or help.
Examples:
“Your account is locked!”
“Your package is delayed. Confirm your delivery.”
“Unusual activity on your credit card. Verify the transaction now.”
“Your order couldn’t be delivered. Update your address.”
“You’ve been refunded $103. Click to claim.”
What to do if you think you’ve been scammed.
Real companies don’t ask you to fix urgent problems or verify sensitive information using text message.
Before you select a link, reply or share anything, ask yourself:
Do I feel rushed?
Does this message match what I know about this company or person?
Is the link or phone number unfamiliar?
Does this organization normally contact me this way?
If you’ve already clicked the link:
Report the message right away.
Change passwords for any affected accounts where sensitive information was given.
Phishing
What’s phishing?
Phishing involves sending an unsolicited email to many recipients with the goal of having some of the receivers commit an act that compromises the security of their information. There are various techniques used for phishing and they’re constantly changing.
The most common examples are:
The email contains a link to a site that infects the recipient’s computer.
The email directs the receiver to a fake secured site that looks legitimate. The site may have similar logos or content but it records the information entered with the intention of stealing it.
The email contains an attachment with a virus or other type of malware that infects the receiver’s computer or steals information.
The email prompts the receiver to get into contact with fraudulent individuals passing themselves off with a false identity.
Malicious emails can sometimes cause harm simply by being opened, but most need the recipient to take some form of action. Informed users know how to spot harmful emails and steer clear of potential risks.
How to spot phishing.
Phishing, much like fishing, involves using bait and a hook. Detecting the bait is crucial to avoid falling into the trap.
To hook their victims and have them commit an act that compromises the security of their information, fraudulent emails use proven methods like:
Creating a sense of urgency in an "emergency situation”.
Presenting a problem that requires unusual actions.
Making receivers feel insecure, leading them to take actions to protect themselves.
Playing upon the receiver’s curiosity by providing limited information to lure anxious individuals.
Beyond recognizing the techniques used to make victims take the bait, there are certain detectable clues to help identify a fraudulent email:
The email is addressed generically rather than directly naming the receiver.
The email is poorly written and there are spelling mistakes.
The logos resemble the originals but can be slightly different or arranged in a strange manner.
The site names and email addresses are not from the site where the message claims to have been sent from. For example, it could be written as “laurentiannbank.ca” instead of “laurentianbank.ca”.
What to do if you suspect you’ve received a fraudulent email.
Resist
Don’t respond to the email
Don’t select any links
Don’t open any attachments
Don’t enter any personal information
While we can communicate with our customers by text message, email or phone, we’ll never request personal information, such as credit card numbers, personal identification numbers (PIN) or online account passwords. If unsure, contact us through a known, legitimate email address or phone number.
2. Report This type of email should be treated like spam and reported as such to your email service provider. If you’re still concerned or you suspect fraud, also contact the Fraud Prevention Department.
3. Delete The email should be deleted from both the inbox and the deleted items folder.
For more information on phishing, refer to the following websites:
Canadian Bankers Association – How to spot a phishing scam
Government of Canada – Phishing: What’s in a fraudster’s tacklebox?