“I got a 'u up?' email from my pastor early one morning. He had a favour to ask. A friend of his, in hospital with late-stage cancer, was scheduled for surgery that night. It would give her great comfort to hear her favourite music, he said. He was tied up. Could I possibly pick up some iTunes gift cards, asap? I was to scratch off the backing of the cards to reveal the codes, take a picture, and email them to his friend in the hospital. I did so. Turns out my pastor never sent the email. It was a scam under his name. And my email to the so-called cancer-stricken friend went to the scammers. I never got my money back."
– Kathy, Mission, BC
Technology has opened up new opportunities for people with bad intentions to try to trick you out of your money. Learn how to identify and guard against online and computer scams.
Spot the scam
You’re browsing the internet. An online ad features an item you’ve been thinking of buying. You click on the ad to learn more. A window pops up on your computer saying “Warning! Your personal files have been encrypted!” The only way to “release” them is by paying a steep fee. If you don’t pay in the next 72 hours, “you will never be able to recover your files.”
This is an example of malware, which is software used to disrupt use of a device or gain access to sensitive information. Some malware is called spyware because it’s installed on your device without you realizing it.
Scammers try to install this software on your device so they can fool you into paying them money. Or they’re trying to gain access to information stored on your computer, such as bank account details and passwords.
The installation of the software can be triggered in many ways: when you click on a link in an email, download a file from a website, or install free software.
In fact, it’s illegal to install software programs on someone’s device without the consent of the device owner or an authorized user (for example, a family member or employee).
You get an email message that appears to be from your bank. The sender’s name, the layout of the email, the logo — it’s all the same as your bank’s, at least on first look. The email says your account has been compromised, and you need to visit a website to verify your account information. As you study the email more closely, you see there are some typos, the logo is a bit off, and the address of the website is slightly different from your bank’s website.
This email is fake. It’s been sent by scammers pretending to be from your bank, trying to trick you into handing over personal and financial information. This is known as phishing. The email is being used as a “lure” to fish for victims.
Once the scammers have your information — be it bank account details, credit card numbers, and passwords — they use it to take your money and commit more fraud.
These scams use email messages and web pages that closely resemble those of legitimate institutions such as banks, government agencies, retailers, or software companies. The imitations can sometimes be very good. The emails or web pages might look and sound legitimate. But in reality institutions like a bank or government agency will never expect you to send your personal information by an email or online.
Signs of a phishing email or fake website include the following:
there are obvious spelling and grammar mistakes
the company logo looks wrong or fuzzy
the email or website urges you to click on a link or provide personal information
the tone is threatening or urgent
Be skeptical about unsolicited emails
Treat all unsolicited emails with skepticism. Never give credit card or online account details to anyone you don’t know and trust. If an email asks you to visit a website to "update" or "confirm" your account information, be extremely cautious.
“I got an email from a lawyer overseas. A person sharing my family name had died and left behind a large sum of money. The lawyer hadn’t been able to locate any of the dead person’s relatives. He suggested that, because I had the same family name, he could pay the inheritance to me. We could then split the money, rather than handing it over to the government. I just had to pay some taxes and legal fees, and to provide my bank details so they could deposit the money.”
– Harry, Surrey, BC
An email from overseas claims that an important event — such as an inheritance or a change of government — has resulted in a person having a large sum of money which needs to be transferred out of the country. The sender claims that if you help with the transfer, you can keep a portion of the money. If you reply to the email, the sender says you’ll receive your “reward” once you pay various “taxes and fees.”
This is a money transfer scam. It’s sometimes called a Nigerian scam or 419 fraud, after the section of the Nigerian criminal code dealing with fraud.
There are many variations of the scam, but all aim to steal your money.
You will never be sent any of the money, and you’ll lose any amount you pay in “taxes and fees.”
Be wary if someone asks you to transfer money for them
If you’re approached by someone asking you to transfer money for them, it’s probably a scam. Once you send money to someone, it can be very difficult, if not impossible, to get it back.
Gift cards are the new untraceable currency of choice for many scammers. They’re easier than wire transfers, which now have tighter security around them.
Here’s how the scam works. You’re asked to buy gift cards, scratch off the backing to reveal the codes, take a photo of the cards, and email them to the scammer’s “friend.” Once the scammers have the live codes you’ve given them, they can sell them on the black market for cash.
Beware of suspicious requests
If you’re ever asked to buy gift cards for someone and tell them the codes, be suspicious. Even if the request seems to come from someone you know well. (The scammer may have hijacked their mailing list.) Call to confirm that the email really is from whom it seems to be from.
“I received a call from someone saying they were from Windows. The caller said my computer had been reported as having a virus that was infecting others. They told me to go to a website so they could fix it. Once I did, they took over the controls of my computer. They then told me I’d have to pay $300 for the 'repair.' I pulled the power on my computer and brought it to a local company to fix it.”
– Hargun, Nanaimo, BC
One of the most reported scams targeting Canadians is the antivirus software scam. You get an email or phone call from a company that says your computer has a virus. They say they can “repair” your computer. This can involve installing software or “taking over” your computer to fix it.
The software they install turns out to be malware or spyware that enables the scammer to gain access to your personal information. Or the scammer insists on a payment for their “repair” before they turn the controls of your computer back over to you.
Be careful when giving up control of your computer
Never give control of your computer to a third party unless you can confirm they are a real representative of a company you trust. If you receive an unsolicited call from someone claiming to be from “Microsoft Support,” “Windows,” or “Apple,” hang up. Technology companies don’t make these kinds of calls.
Many of the tricks scammers try with email and computers are also used on mobile phone users.
For example, scammers send text messages to mobile numbers trying to trick you into entering credit card or personal information. The message might be disguised so that it appears to be from your phone service provider, a retailer, or a software company.
Or scammers hide malware in games or apps you can download on a smartphone. When you download the game or app, the malicious software is installed on your phone. It can then be used by the scammers to steal your personal and financial information.
Other scammers use the missed-call scam. They call your phone and hang up so quickly you can't answer the call in time. You may be tempted to call the number to find out who called you. If it’s a scam, you’ll be paying premium rates for the call without knowing it.
A variation with text messages involves scammers sending a text from a number you may not recognize, but it sounds like it’s from a friend. For example: “Hi, it's Mike. I'm back! When are you free to catch up?" If you reply out of curiosity, you might be charged at premium rates for text messages.
Password protect your devices. On your cellphone, lock the keypad when you aren’t using it.
Have software installed on your devices to prevent spam (unwanted email), viruses (harmful computer programs), and spyware. Keep that software up-to-date.
When using email, never click on a link in an email, even to log in to well-known sites such as Facebook or Twitter. Go to the site directly and log in there.
Don’t open an attachment in an email sent by someone you don’t know.
Don’t click on links unless you trust the site you’re on.
Don’t download files or applications unless you can verify the source. Never give personal information to “unlock” a feature or application.
When you’re using social media services such as Facebook or Twitter, be alert for scammers posing as a friend. They may share something with you, trying to trick you into clicking on a link to a malicious site.
Be aware that wireless networks in public places such as coffee shops, libraries, and airports are not secure. When using a public wireless network, never send personal information or visit sites that require a password (such as online banking).
Make sure your information is completely erased before you sell, recycle, or discard your computer or cellphone. This involves more than deleting everything. To make sure your private information is gone forever, you need to “wipe the hard drive” using special software. You can buy this software or have a professional do this for you.