Avoid These Scams: Phishing, Smishing and Vishing

Millions of Canadians are pursuing their holiday shopping online this year, despite many of them being worried about the security of those transactions.

Eighty percent of Canadians are concerned about falling victim to online fraud during the 2023 holiday season, while 70% are concerned about sharing personal information, according to a recent study conducted by credit bureau TransUnion.

Fraudsters are known to target the platforms and mediums with which consumers are most familiar, using emails, social media, QR codes and even text messages as a way to separate Canadians from their sensitive personal and financial information.

In fact, these schemes — known as phishing, smishing and vishing — topped the list of reported fraud schemes in the TransUnion study:

Phishing (44%): Fraudulent emails, websites, social posts or QR codes.
Smishing (36%): Fraudulent text messages.
Vishing (35%): Fraudulent phone calls.

While prevalent, these oddly-named scams aren’t insurmountable. In many cases, running through a quick mental checklist can help you spot them before your money or identity is at risk.

Phishing

How it works: Fraudsters entice their targets to share sensitive information like passwords and account numbers, or in some cases to download a virus — often by simply clicking a link. Email is the most common medium for phishing, but fake websites, social media posts and QR codes are also used. Problems with an account, claims that you’ve won a prize or requests from a colleague at work are common tactics in phishing emails.

Smishing

How it works: Short for ‘SMS phishing,’ smishing is a phishing attempt conducted by text message. Send directly to your mobile device, smishing attacks often mimic alerts from a bank, credit card company, or even your boss at work. Frequently, these messages will claim that there’s an emergency, and they need you to take action right away, either by responding with sensitive information or clicking a link.

Vishing

How it works: Short for ‘voice phishing,’ vishing is a phishing attempt conducted via live or automated phone calls. The caller may say that one of your financial accounts has been hacked, or they may leave a message telling you a warranty or insurance policy has expired. Much like phishing and smishing, vishing fraudsters will make the situation sound urgent so that you’ll provide the required information or payment right away.

Ways to protect yourself (and what to do if you’re targeted)

Patience and a healthy dose of skepticism are vital to protect yourself from phishing, smishing and vishing schemes.

Remember, these scams prey on your emotions and sense of trust — they assume you’ll be so worried about taking prompt action, you won’t verify that the request or offer is legitimate.

When the next odd email, text or phone call occurs, stop, take a deep breath, and ask yourself the following questions.

Was this expected? Make sure you recognize the sender or caller, even if the message looks official or seems personalized to you. Scrutinize the email address and/or the number. Decide whether the message references a familiar product, service, account or event. Compare the content of the message with what you know to be true, such as the expiration date of an insurance policy or whether you actually have a vehicle warranty.
What is this message asking me to do? Being asked to provide personal information, click on a link or download an attachment is a huge red flag. It’s probably best to delete the message right away (or hang up). If the message is alleged to be from a bank or known company, contact the institution directly, via a publicly known and verified phone number, to ask if they’re trying to reach you.
Is this too good to be true? Messages that claim you won a prize or have been chosen for a special offer should be viewed with suspicion, particularly if you don’t remember entering or signing up for the opportunity in question.

The Government of Canada website has more resources about how to spot and avoid fraud schemes; getting familiar with this information before something goes wrong can help you stay on high alert.

And if, despite your best attempts, you fall victim to a scam, contact the Canadian Anti-Fraud Centre to report it right away. You can also report the cyber incident to the Canadian Centre for Cyber Security.