Spring into Fraud Prevention Month
March is designated as Fraud Prevention Month in Canada (and in the United States, the first week of March is promoted as Consumer Protection Week). Both “official” events offer a wealth of resources, tips, and best practices for consumers. We will help celebrate these important initiatives by focusing on three common activities on your phone/computer: Checking your email, answering a call, and shopping online.
Our first stop in your online day is checking your email. These days, most mail services are pretty good at filtering out phishing scams and fake emails… but no system is perfect. It’s still important to use caution when receiving an unsolicited or unexpected message, even from a friend, or online retainers you deal with regularly. PayPal, Facebook, Microsoft, Netflix, and WhatsApp are some of the most commonly spoofed brands used in phishing email attacks. Financial institutions are also prime targets for email impersonations. It’s smart to be suspicious with these emails.
FIRST POINT: Your first step should always be to check any links in the email before clicking on them. On a computer you can hover your mouse over a link to make sure that you’re going where you think you’re going; on a mobile phone, you can press and hold on the link until a help window pops up with a preview of your destination. Try it on this link: https://dev-isacybersecurity.pantheonsite.io
Surprised? This is the fundamental trick in phishing scams: presenting a link to a website, but then taking you to a different destination. Be on the lookout for name variations as well – scammers could set up a website substituting the number “0” in place of the letter “O” in a domain name to trick you into visiting a fake site.
If you are not satisfied that the email you received is real, then you can just delete it, report it as a fraud, or if you’re concerned, contact the company by phone or through their actual website. Don’t use links or phone numbers posted in the suspicious email – get the contact information from a trusted source to make sure you’re getting through to the right place.
Last word on emails: the most popular timing for phishing is usually on a Friday, and particularly before a long weekend. The scammers want to try to trick people rushing out for the weekend, or thinking about three days away from the office instead of focusing on URLs!
SECOND POINT: Our next activity is answering your mobile phone. Since Fraud Prevention Month coincides with tax season in Canada, let’s consider a phishing call purporting to come from the Canada Revenue Agency (CRA). Unfortunately, these calls are commonplace this time of year. And they form a “double nuisance” as they not only can trick unsuspecting people into revealing personal information, but the volume of distraction the scammers create with their repeated calls can cause actual correspondence from the CRA to be lost in the shuffle. If you receive any contact supposedly from the CRA, you can double-check your personal portal with the tax office. Any official correspondence will come to you through the portal; if it’s not there, then you may have a fraudster on your hands. If you don’t have an account, it’s useful and straightforward to register for one. Otherwise, you can contact the CRA directly call in to enquire/verify any calls you receive (again, don’t rely on the phone number you were given in the original call, text, or email, because it might be fake as well!).
In general, online “phone robot” services make it easy for scammers to spoof their phone numbers – they call from one number, but present a different number to your phone to make you think they are calling from a real company. If you’re unsure, always hang up, check the number from a trusted source or verified corporate website, then call back. If you are initiating the call to a real number, there’s no chance for the scammer to intercede. If you get repeated fake calls from the same number, you can block the number on your mobile phone, or report the number to your mobile service provider.
THIRD POINT: Last stop: time for some online shopping. If you’re about to make a first-time purchase on a website, show some healthy skepticism before clicking “Buy Now”. Check, but don’t necessarily rely on customer reviews on the site itself: fake sites can seed their comment sections with equally fake positive reviews. Check the site’s reputation independently with friends or Consumer Reports/BBB resources. Make sure the company has a “Contact Us” section with a physical address, customer service number, and clear instructions on return, refund and exchange policies. If pricing or inventory seems too good to be true, it may be a fake site enticing you with rock bottom prices or hard-to-get styles, sizes, and colours – their only goal is to get you to enter your credit card information.
Before entering any private information, make sure to check the browser connection to the website you’re visiting. Always make sure there’s an “https” (that “s” at the end stands for “secure”) before the name of the site. This gives you the confidence that the communication between your computer or phone and the website is encrypted end to end.
Just before concluding your purchase also be sure to verify the bottom-line pricing of products – watch for surprise fees, exorbitant shipping/handling charges, out-of-country duty or other taxes, and make sure you confirm the currency of the transaction. Make sure to take screen snaps and capture all documentation, emails, confirmation/transaction numbers, etc. for follow-up afterwards. Check your credit card statement promptly to make sure that the amount charged matches the transaction amount you were expecting. Shopping online offers convenience and can save you money, but you should never risk your personal information.
A few other online shopping tips:
+ Conduct regular reviews of your bank transactions, credit card statements, and credit bureau histories. Even if you’re cautious, your card numbers or personal information can be compromised. Checking occasionally will help you respond to fraud that much sooner, potentially limiting the damage and exposure of cybercrime.
+ Never reuse passwords across multiple websites. If you get hacked, the same email/password can be tested across other popular platforms, causing greater damage and exposure.
+ Avoid saving passwords and other information in your browser, and definitely never save login credentials on public computers, kiosks, or shared devices.
+ Clear your browser cache and cookies periodically. Unscrupulous websites can scan your browsing history, and tailor ads and search results to your preferences or activities. This can make you more susceptible to clicking a link presented in a banner ad or social media stream. Be wary of any unfamiliar links, and don’t click if you’re not confident.
Now that you’re more of an expert on protecting your online interests, why not take the fraud safety quiz on the Government of Canada fraud prevention portal to put your knowledge to the test? The dozen questions will help see how savvy you are at spotting and preventing consumer fraud online.
Want to learn more? The RCMP provides a list of top ten cybercrime prevention tips and the Government of Canada’s Cyber Safe portal has lots of resources and reference material too. Finally, the Consumer Council of Canada has a calendar of activities and events running year round.
One last note: Share your knowledge and these resources. Now that you’re armed with a wealth of great consumer protection resources and tips, think about others in your life who might benefit from assistance. Children may not be as discriminating when it comes to evaluating and validating websites before making an online purchase. Impulsive transactions and over-sharing information can be dangerous. And seniors who have less exposure to technology may be targets for scammers on the phone or online, so having a conversation or offering to help guide them will be appreciated and can save them a great deal of stress and inconvenience. Preventing cybercrime is a team effort!