I recently received a text message saying: “You have received $89.95 from Manitoba Hydro”. I was instructed to click on a link so that the money will be sent to me via INTERAC. Since I am not the one who pays our hydro bill at home, I was immediately skeptical. I deleted the text and searched online for similar scams.
Random texts = smishing
What did I discover? It turns out that this was one of the most common ways to smish. Smishing is an attempt to obtain sensitive information on SMS like bank account numbers, passwords, credit card details and even your SIN (it’s phishing when done via email, and vishing if via a phone call). Had I clicked on the link, it would have taken me to a page where I would need to provide my bank account information so that they can supposedly deposit the money. Once I provided my information, it may be possible for the scammer to wipe out my account in a matter of minutes.
There are various versions of this scam:
- Canada Revenue Agency (CRA) tax refund – This is sent around tax time (April-May) and will usually say that CRA sent you your tax refund via INTERAC e-transfer. It could link to a legitimate-looking bank webpage (for example, RBC or BMO) where it will say you can deposit the money. It can also link to a fake CRA webpage where you will need to key-in your SIN to validate your identity. The aim of this scam is to get your personal, bank account, or credit card information which they can use to get money from you.
- Your bank asking you to update your bank account information – This could be in the form of an email or text saying that your account has been frozen so you need to reconfirm your bank account details. Like the CRA scam, it is done to get your bank account details. Examples:
“Due to your recent banking activities with your BMO card, please reconfirm your PVQ to avoid account suspension, use bmo-onlines.nut.cc/logon to secure.”
“FROM: CIBC ONLINE BANKING SECURITY. As part of our commitment to help keep your account secure, we have added some extra security features. Please sign in to register: http://signin-cibc.com.”
(Actual scam text examples from Text message fraud cost Canadians half a million dollars so far in 2016, Leslie Young, Global News, Nov. 15, 2016).
Mystery Shopper – This is a job offer to become a secret shopper. All you need to do is click on a link and provide your full name. Then they will send you a cheque which you will need to deposit in your account. You will also be given a list of stores to shop in and try. In one variation, the amount on the check will be so big that they’ll instruct you to keep some money for yourself and wire transfer the rest to them. Other times, one of the stores in the list will be a money transfer service (like Western Union) and you’ll have to send X amount to specified account.
The trouble begins when your bank finds out that the cheque is fake. This means that you will be held liable for all the money you spent shopping. Meanwhile, the amount you wired goes straight to the pocket of the scammer.
How to protect yourself from SMS or email scams:
- Most legitimate companies and organizations don’t use text for official communication – The government, your bank, and other trusted establishments will not email or text you for rebates, tax refunds, or to ask for confidential information. For instance, to inform you about refunds or changes to your account, the CRA will send you a letter by mail. If you have a My CRA Account, they will email you that you have communication coming from them. It will not contain the body of the message nor links. You would have to log-on to your account to read the message.
If you want to make sure if a text coming from a trusted source is legitimate, call Customer Service first before clicking on anything. If it looks suspicious, search online to check if it’s a common fraud.
- If you don’t know the sender, be suspicious. Don’t click on any link or download anything. You can end up with malware (malicious software) like viruses, spyware, or ransomware that can hold your mobile phone or computer information hostage for ransom. Also don’t text them back or call them to ask. If it’s a scammer, then they will know that your number is genuine and may use it again for other fraudulent activities.
- Check for typographical and grammatical errors – If the message or website is full of misspelled words, bad formatting (no punctuations, does not follow capitalization or are in all caps), and wrong grammar, it’s a scam. Also check the link. Sites where you need to key-in confidential information should start with https, not http. The ‘s’ stands for secure, which means that all communication between your browser and the website are encrypted. Also be suspicious if it’s a shortened link, or if it’s full of special characters and ends in .com or .net (instead of .ca).
- If you are not expecting money or info/attachments – then the message is most likely a fraud. However, if you know the person sending you the link (and you’ve been informed that you will be sent one) but you’re still unsure if it is safe, you can check it without clicking it. Right click on the link, copy it, then paste it on a service like CheckShortURL, Norton Safe Web, URLVoid, or ScanURL (How to test a suspicious link without clicking it, Andy O’Donnell, Lifewire). These sites may be able to tell you if the link is safe or not.
- Report it – I regret that I deleted the MB Hydro scam text message I received. What I should have done was forwarded it to my telecom provider or reported it to the Canadian Anti-Fraud Centre. If you receive a scam text message, report it right away. Doing this could prevent others from falling victim to the scam and help authorities stop such frauds from proliferating.
Sources: Canada Revenue Agency warns of text message phishing scam, CTV news.ca; How to test a suspicious link without clicking it, Andy O’Donnell, Lifewire; How to protect yourself from telecom fraud, Bell; Text message fraud cost Canadians half a million dollars so far in 2016, Leslie Young, Global News, Nov. 15, 2016). All accessed October 23, 2017.
We'd love to hear from you!
Please login to tell us what you think.