Canadians are more worried about data privacy breaches like email fraud and phishing scams than they are about home break-ins, vehicle theft and plane crashes, according to a survey conducted by Interac. Plus, 55 per cent of Canadians worry that increased isolation and time online due to the COVID-19 pandemic have made people more susceptible to fraud.
Email fraud is one type of payment fraud and it’s especially important to recognize in order to safeguard your data privacy. Yet, 96 per cent of Canadians failed to recognize an email scam when put to the test.
In other words, virtually everyone could use a little help recognizing the telltale signs of digital fraud. Here are some tips to help Canadians recognize email fraud and protect their accounts — and advice on how to deal with possible incidents if they happen.
Types of email fraud
Phishing is one way that email fraudsters try to break into your email, by sending messages that appear to come from a trustworthy person or business. They’re trying to trick you into thinking the message is legitimate, so you’ll enter sensitive personal and/or financial information into their fake portal. Phishing is typically carried out using email or instant message, although text messages have been used as well.
However, cybercriminals are growing even more sophisticated, and can access your email in different, sometimes easier, ways. Think of how much information you share about yourself online by posting updates, sharing photos, or answering seemingly-innocent quizzes online. Fraudsters can scrape these personal details and use them to guess weak passwords or security questions.
Hackers will often impersonate friends, government officials or brands you love to steal money or personal information. Fake money transfers can trick unsuspecting Canadians into handing over answers to security questions. Tax scams can bait victims into surrendering their social insurance numbers. Fraudulent emails for streaming and other online subscription services can trick people into clicking on phony links to update payment information.
Recognizing email fraud: general tips
- Be wary of emails from senders you don’t recognize, and don’t click on any links unless you’re certain you know the sender.
- Trust your gut. If you receive a deposit or money request notification you weren’t expecting, contact the sender through a different channel to check if it’s real.
- Fraudsters go to great lengths to try to legitimize phishing attempts, using company logos, sometimes even including ours at Interac.
- Look for errors or strange typos in the text of an email notification. A common error in phishing emails is the “$” sign appearing after the amount, instead of before it.
Four ways to protect yourself from email fraud
- Use Interac e-Transfer Autodeposit. If you have Autodeposit set up, Interac e-Transfer transactions sent to your email address will automatically be deposited into your bank account, which allows you to bypass steps that require you to enter a password and/or an answer to a security question. Autodeposit is the secure, convenient way to accept Interac e-Transfer.
- When you receive a money transfer, read the message carefully. Fraudulent emails will often ask you to reply with a security answer.
- Create strong passwords, avoiding common words or numerical strings. Remember, sometimes the strongest passwords are the ugliest.
- Be conscious about what you share online, including personal identifiable information that hackers can use to access your accounts.
What to do if you’ve encountered email fraud
- If someone has gained unauthorized access to your email account, update your password and your security questions.
- If you accidentally fill out personal information in a link from a phishing scam, change your online banking password and contact your bank right away.
- If you think a notification is a scam masquerading as an Interac e-Transfer, your first instinct might be to delete the message, but we’ll appreciate it if you don’t! Kindly forward the email to firstname.lastname@example.org so our fraud team can further investigate and work to shut it down.