Could an email from your boss turn out to be part of a scam? How about a request for a one-time passcode? Or a phone call from a loved one?
The answer is yes, yes and yes.
The fact is that cyber criminals are constantly evolving their tactics to ensnare consumers. As fraud attempts become more sophisticated, they’re getting harder to identify. Thankfully, we’ve all got an inner voice that speaks up when a situation doesn’t quite seem right. When that happens, follow our advice to Stop, Scrutinize and Speak Up. We recommend that consumers closely scrutinize the source of the request to truly affirm the legitimacy.
Knowing when to be on guard goes a long way. So to help ensure you’re prepared and able to spot scams, keep reading to learn about ones to be ready for in 2023 and 2024, drawn from reports from the Canadian Anti-Fraud Centre, police forces across Canada, and other sources:
What’s the scam? It seems like everyone’s talking about the power of machine learning — often better known as artificial intelligence, or AI. And yes, it is impressive, but beware of AI’s power to deceive: Experts are warning of AI-enabled scams that leverage the technology to allow fraudsters to convincingly impersonate trusted people and organizations. Some criminals are using AI to fake specific people’s voices over a phone call (“deepfakes”).
What can you do? Think before you react to odd calls and situations. Verify information independently before you take any serious steps — say, if you receive an unusual call from a family member asking them to send you money, call them to confirm it’s a real request.
Loan scams (including loan fee fraud)
What’s the scam? To prey on people’s need for financial help, loan scammers offer a loan on good terms — but only after you pay a fee. (The scam is that there isn’t really a loan on offer — but the “fee” you’d pay would be real!)
What can you do? Beware of any loan offer that involves upfront fees (and definitely don’t pay them). Make sure to do your research and only deal with trusted, legitimate financial entities, and be especially cautious about offers that seem too good to be true.
One-time password bot scams
What’s the scam? As a way to get around two-factor authentication, scammers use automated bots to request one-time passwords from victims, often impersonating banks or service providers.
What can you do? Don’t share authentication codes. Scrutinize incoming messages very carefully to ensure they really come from the entity they say they do. Hint: Legitimate messages don’t request sensitive information, passwords and codes out of the blue.
What’s the scam? Bank scams involve fraudsters posing as financial institutions, hoping to trick you into revealing personal or financial information — often as part of an attempt to access your accounts or steal your identity. For example, fraudsters have improved their fake website-building skills so it can be really hard to distinguish a fake from the real thing.
What can you do? Check carefully to make sure you’re really interacting with your bank. When you’re banking online, make sure the website is genuine — avoid clicking on the URL from an online ad; instead, manually type in the financial institution’s URL to make sure you’re not being diverted to a fake site.
And if it’s a phone call, ask yourself: Is it really your bank calling? Offer to call them back, or visit the bank in person to discuss what they’re calling about. Don’t click on suspicious links in emails or texts. Once again, don’t reveal anything sensitive during incoming calls.
Package delivery scams
What’s the scam? Scammers send fake delivery notifications or payment requests for non-existent packages, exploiting online shoppers.
What can you do? Carefully scrutinize the message — is the email, contact info or website address correct? (Sometimes scammers use addresses that look very close to real courier companies’.) Don’t click links in the message either: Verify the request by calling or visiting the official website with the given tracking number. And keep track of your packages — know what’s coming your way.
“Whaling” — phishing, but in a workplace context
What’s the scam? Perhaps you’ve heard of phishing? Now there’s whaling — it’s phishing, but at work. Scammers are taking advantage of the continuing work-from-home habits of office workers — which has led to us not seeing our managers face-to-face quite as often — by stepping in and impersonating the boss. They’re making requests, typically via email, that could compromise the company if you followed through.
What can you do? Employees and businesses need to stay vigilant to help spot scam warning signs and avoid phishing attempts and malicious links. If you’re skeptical, find another way (say, face-to-face or a Slack or Teams message) to confirm that you’re really being asked to do what the message says.
Email interception fraud
What’s the scam? Your email account is an important part of your digital life, and it can be a point of vulnerability: It’s where you receive sensitive communications, and links to reset passwords. Cybercriminals are intercepting email communications so they can redirect payments or sensitive information for their own purposes.
What can you do? Remember that your personal email is the gateway to many other accounts, so it’s important to safeguard it. Some email providers offer a “security checkup” feature, for example, so use that periodically if you can. Beyond that, use strong passwords (which you don’t share with anyone else) and change them regularly. Enable two-factor authentication for an extra layer of security.
Fake QR codes and barcodes
What’s the scam? Scammers put fake codes to cover the real ones, so that QR codes on menus, payment requests and other places lead you down the trail to a malicious website — which can lead to downloads that compromise your device and your data security. There are also reports of people being sent scam QR codes via text.
What can you do? Carefully scrutinize all requests to scan a QR code. Be vigilant when downloading apps from a QR code. Confirm it comes from a legitimate source before proceeding.
More resources for staying alert and protecting your data
As you can see, fraud can come from unexpected sources, playing on your sense of trust. But if you keep your accounts as secure as you can, and listen to your inner voice when something seems fishy, you can be ready to thwart scams as they come your way.
Discover more ways to safeguard your digital self.