Some emails look authentic, featuring corporate logos and layouts similar to the ones used by institutions for legitimate communication. Because these emails can look so official, unsuspecting recipients may reply to them, resulting in financial losses, identity theft and other fraudulent activity.
Obvious visual hints
- Spelling and grammar mistakes – Sometimes it's a case of the email being poorly written or the mistakes are intentional to get the email through spam filters.
- Sender is unknown – You've never communicated with this person or company before and have not signed up to receive any type of communication.
- Colours and formatting are off – Perhaps the colours are darker or lighter than the legitimate company normally uses; the text size is bigger, smaller, or not professional looking.
- Includes a link – The link is intended to take you elsewhere, for example to a hoax website. [link to Common Scams/Hoax Website tab]
Threatening tone of message
In general, phishing emails use language that creates a sense of urgency in order to get you to react without thinking. You should never respond to or action any email that:
- Requires you to enter personal information directly into the email or submit that information online.
- Threatens to close or suspend your accounts if you do not provide or verify personal information.
- Claims your account has been compromised or that there has been fraudulent activity on your account and requests you to enter, validate or verify your account information.
- States that there are unauthorized charges on your account and requests your account information.
- Claims the bank has lost important security information and needs you to update your information online.
- Asks you to enter your card number, password, access code or account numbers into an email, pop-up window, form or non-secure webpage.
- Asks you to confirm, validate, verify, or refresh your account, credit card, or financial information.
Always remember that Scotiabank will never send you unsolicited emails asking for confidential information, such as your password, PIN, Access Code, credit card and account numbers. We will never ask you to validate or restore your account access through email or pop-up windows.
Never respond to emails, open attachments, or click on suspicious links from reputable institutions or unknown senders asking for personal or financial information.
- Be suspicious of all unsolicited or unexpected emails you receive, even if they appear to originate from a trusted source like Scotiabank.
- Never click on a link in an email or pop-up window to go to a site. Type, or cut and paste, the URL into a new web browser window instead.
- Type in the Scotiabank web address yourself to ensure you are transacting with our server. You can also bookmark the URL to save time.
- Never call a number appearing on an email you suspect is fraudulent. In a new twist, phishing scams use a phony telephone number in the email. When you call, a person or an automated response asks for your personal and/or account information.
If you do have a relationship with the company mentioned in the email, call the company using the phone number from a reputable source like your statement or the phonebook.
If you have received a fraudulent email, please forward it to firstname.lastname@example.org. Please do not remove the original subject line, or change the email in any way when you forward it to us. If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call us immediately at 1-800-4-SCOTIA (1-800-472-6842).