Don’t click that link! Your guide to email and text scams

You are reading the Original Version (CLB5+) Read Simple Version (CLB3-4)

Skip to:

I received a text message saying: “You have received $89.95 from Manitoba Hydro”. It told me to click on a link so that the money will be sent via INTERAC. I was immediately skeptical since I am not the one who pays our hydro bill at home. I deleted the text and searched online for similar scams.

Random texts = smishing

The text I received is one of the most common ways to smish. Smishing is an attempt to get sensitive information via SMS. The goal is to get bank account numbers, passwords, credit card details, and even SIN (it’s phishing when done via email, and vishing if via a phone call). If I had clicked on the link from the text, it would have taken me to a page where I would be asked to provide my bank account information for them to supposedly deposit the money. Once I provided my information, it will be possible for the scammer to wipe out my account in a matter of minutes.

There are various versions of this scam:

  1. Porting fraud – This is one of the newest online scams. Porting is when a phone account allows a customer to change service providers while keeping the same phone number. Fraud happens when a scammer impersonates the customer and has the account transferred to another account they created (CTV News). The scammer then takes control of the account, including the customer’s other online accounts. Victims receive a text message from their provider informing them that they have received a request to send their number to another carrier, even if the customer did not request it. It will also ask them to click a link to contact them. If you receive a similar text message, don’t click on any link. Inform your provider immediately using their published number (not the number on the text message). Don’t ignore the message as some fraudsters are able to take over your account if you don’t take action. (Read: New scam uses your phone number to steal your online identity, Danton Unger, CTV News).
  2.  

  3. Canada Revenue Agency (CRA) tax refund – This is sent around January to April and will say that the CRA has sent your tax refund via INTERAC e-transfer. It could link to a legitimate-looking bank webpage (for example, RBC or BMO) where it will say you can click to claim or deposit the money. It can also link to a fake CRA webpage where you will need to key-in your SIN to validate your identity. The aim of this scam is to get your personal, bank account, or credit card information which they can use to steal money from you.
  4.  

  5. Your bank asking you to update your bank account information – This could be in the form of an email or text saying that your account has been frozen so you need to reconfirm your bank account details. Like the CRA scam, it is done to get your bank account details. Examples:
     
    “Due to your recent banking activities with your BMO card, please reconfirm your PVQ to avoid account suspension, use bmo-onlines.nut.cc/logon to secure.”

    “FROM: CIBC ONLINE BANKING SECURITY. As part of our commitment to help keep your account secure, we have added some extra security features. Please sign in to register: http://signin-cibc.com.”

    (Actual scam text examples from Text message fraud cost Canadians half a million dollars so far in 2016, Leslie Young, Global News, Nov. 15, 2016).

  6.  
    Scam text for mystery shopper

  7. Mystery Shopper – This is a job offer to become a secret shopper. You’ll need to click on a link and provide your full name. They will send you a cheque which you’ll need to deposit in your account. You will also be given a list of stores to shop. In one variation, the amount on the check will be more than what they told you. They’ll ask you to keep some money for yourself and wire transfer the rest to them. Other times, one of the stores in the list will be a money transfer service (like Western Union) and you’ll have to send a certain amount to a specified account.
     
    The trouble begins when your bank determines that the cheque is fake. This means you will be held liable for all the money you spent shopping. Meanwhile, the amount you wired goes straight to the pocket of the scammer.

How to protect yourself from SMS or email scams:

  1. Know that legitimate companies and organizations don’t use texts or calls for official communication – The government, your bank, and other trusted establishments will not call, email or text you for rebates, tax refunds, or ask for confidential information. For instance, the CRA will send you a letter by mail to inform you about refunds or changes to your account. If you have a My CRA Account, they’ll send an email informing you that you have communication coming from them. It will not contain the body of the message nor links. You would have to log-in to your account to read the message.
     
    If you want to make sure if a text from a trusted establishment is legitimate, call Customer Service to verify. If it looks suspicious, search online to check if it’s a common fraud. Go to the Canadian Anti-Fraud Centre to know the latest scams and frauds.
  2. Be suspicious if you don’t know the sender – Don’t click on any link or download anything if you don’t know the sender. You can end up with malware (malicious software) like viruses, spyware or ransomware that can hold your mobile phone and computer information hostage. Also, don’t call or text them them to ask. If it’s a scammer, calling them back will let them know that your number is active. They will use it again for other fraudulent activities.
  3. Check for typographical and grammatical errors – If the message or website has misspelled words, bad formatting (no punctuations, does not follow capitalization, or uses all caps) and wrong grammar, it’s a scam. Also, look at the link. Sites where you need to key-in personal information should start with https, not http. The ‘s’ stands for secure, which means all communication between your browser and the website are encrypted. Be suspicious of shortened links, or if the link is full of special characters.
  4. Don’t take a message seriously if you’re not expecting money or an email from someone – The message is most likely a fraud if it’s offering you something that’s too good to be true. However, if you know the person sending you the link, and you’ve been informed that they’ll send the message, you can still check the link without clicking on it. Right click on the link, copy it, then paste it on a service like CheckShortURL, Norton Safe Web, URLVoid, or ScanURL (How to test a suspicious link without clicking it, Andy O’Donnell, Lifewire). These sites may be able to tell you if the link is safe or not.
  5. Keep your personal information private – Don’t publish personal information on social media. As a general rule, be suspicious of emails or text messages asking you to update information in online accounts.
  6. Report it – Instead of deleting the MB Hydro text message I received, I should have forwarded it to my telecom provider or reported it to the Canadian Anti-Fraud Centre. Reporting it right away could prevent others from falling victim and help authorities stop fraud from spreading.

Article updated November 9, 2022.
 
Sources: Canada Revenue Agency warns of text message phishing scam, CTV news.ca; How to test a suspicious link without clicking it, Andy O’Donnell, Lifewire; How to protect yourself from telecom fraud, Bell; Text message fraud cost Canadians half a million dollars so far in 2016, Leslie Young, Global News, Nov. 15, 2016); and New scam uses your phone number to steal your online identity, Danton Unger, CTV News. Accessed October 23, 2017, updated February 20, 2020.

Back to top

Community Resources

Read Top 5 scams newcomers should be aware of to avoid being a victim of fraud.

Back to top

We'd love to hear from you!

Please login to tell us what you think.

Related Learning Activities

Digital Skills at Work- Week 3

Article thumbnail fallback

Course Description Digital Skills at Work (DSW) is a four-week course focusing on essential digital skills required to succeed in one’s career…. Read more »

Week 1 – Digital Citizenship

Laptop on desk for distance learning from home

Week 1 focuses on the key concepts of the digital world. Think about your daily life and the technology you… Read more »

WorkCom_Week 4

A woman giving a presentation at work

This is our last week of Workplace Communications. This time you are in the driver’s seat. We look forward to your presentation… Read more »

WorkCom_Week 3

A woman giving a presentation at work

We have now reached week 3 of Workplace Communications! This week, we are engaging in a number of activities that allow… Read more »

Back to top

CC BY-NC-SAText of this page is licensed under CC BY-NC-SA, unless otherwise marked. Please attribute to English Online Inc. and link back to this page where possible. For images and videos, check the source for licensing information.