Common scams 

1. Bank Inspector/Investigator Scam is a type of scam that uses vishing methods (See vishing tab) in which fraudsters pretend to be a bank official or law enforcement officer calling to review a fraudulent claim. They will attempt to trick customers into providing their own money to “aid” in a criminal investigation.

2. Bank Impersonation Scams are when fraudsters pose as legitimate organizations like your bank, claiming your account is in jeopardy or has been impacted by fraud and ask for the One-time password (OTP) that was sent to you just moments ago, to gain access your accounts or approve unauthorized transactions.

A One-time password (OTP) is a 6-digit verification code, that can be sent to you via text message or email or through Push notifications through a mobile app as a second so that you can input and verify your account. Banking with Scotiabank online or mobile app or signing into personal accounts may require you to provide a OTP to access your accounts.

3. Revenue agency Impersonation Scams - Fraudsters will pose as the representative of a government revenue agency to make claim that there are discrepancies from past tax returns demanding immediate payment. They use intimidation to threaten additional fees and/or jail time if payment is not received.

1. Hang up on suspicious calls immediately.

2. Never give out account or personal information over the phone including bank account and credit card details, passwords, PINs and SIN. Legitimate organizations will not need this information to verify you.

3. Revenue agency Impersonation - Fraudsters will pose as the representative of a government revenue agency to make claim that there are discrepancies from past tax returns demanding immediate payment. They use intimidation to threaten additional fees and/or jail time if payment is not received.

4. Never share your One-time password (OTP) over phone, email or SMS- always verify and use a secure site when inputting your OTP.

Remember, Scotiabank will not call you, send you emails or text messages, or present you with unexpected web pages asking you to validate or restore your confidential information such as your password, PIN, access code, credit card, account numbers, or account access.

If you aren’t sure whether it’s really Scotiabank calling, hang up and call 1-866-625-0561 and report it to us.

For a list of ways to connect with Scotiabank, please visit Contact Us.

If you’ve shared financial information, your One-time password, or suspect fraudulent behaviour, please call us immediately at 1-866-625-0561.

When you receive what looks to be an official email or text message, don’t act on it immediately. Take it slowly and carefully review what you received.

You might identify the following:    

• Unknown sender 
• A threatening tone
• Deals that are too good to be true
• A false sense of urgency
• Requests for sensitive information
• Links or attachments you weren’t expecting
• Irregular company colours, logos, or formatting
• Spelling and grammar mistakes
• Wrong message lures

Remember, phishing emails and smishing text messages use language that creates a sense of urgency in order to get you to react quickly without thinking.

You should never respond to or action any email or text that:

• Requires you to provide personal or financial information (login credentials, account numbers, tax identification numbers, etc.)
• Threatens to close or suspend your accounts if you don’t provide or verify personal information
• Claims your account has been compromised or that there has been fraudulent activity on your account and asks you to enter or verify your account information
• Claims the bank has lost important security information and needs you to update your information online
• Claims they messaged the wrong person and begins asking about your investments and other sensitive information 
• States that there are unauthorized charges on your account and requests your account information
• Asks you to enter your card number, password, access code, or account numbers into an email, pop-up window, form, or non-secure web page
• Asks you to confirm, validate, verify, or refresh your account, credit card, or financial information

Always remember that Scotiabank will not call you, send you emails or text messages, or present you with unexpected web pages asking you to validate or restore your confidential information such as your password, PIN, access code, credit card, account numbers, or account access.

If you’re suspicious of the message you received, never respond to emails, open attachments, or select links from institutions (even if reputable) or unknown senders asking for personal or financial information.

Trust your instincts:

• If an email looks suspicious, don’t select links or download attachments within that message

Double-check:

• If you have an existing relationship with the company or individual mentioned in the email, verify the validity of the contact and request by reaching out to them directly using a known contact number
• Make sure to use a phone number from a reputable source to contact the company, for example, the phone number on the back of your bank card

Hover over links:

• Attackers rely on shortened links, redirects, and fake email addresses that mimic those of a legitimate organization
• Before clicking a link, check its destination by hovering over it with your cursor (the visible part of the link is called the anchor and the destination is where the link leads)
• If you don’t recognize where the link is taking you or the destination does not match that of the organization, don’t click!
• Make sure the link is taking you to a secure website; if it begins with “https” instead of “http,” it means the site is secured using an SSL Certificate (the “s” stands for secure)

Don’t forward

• Never forward suspicious emails or text messages to family, friends, or colleagues as you could put them at risk

Never call a phone number that appears in a suspected phishing or smishing message and never respond to the message itself. Often, phishing emails and text messages will include fake contact information that will redirect you back to the fraudsters.

If you’ve received a fraudulent email, please forward it to phishing@scotiabank.com. Don’t remove or change the original subject line or the email in any way when you forward it.    

If you’ve entered personal information after selecting a link or suspect fraudulent behaviour, please call us immediately at 1-866-625-0561.

Before downloading or using a new app, look for the following:

• Is the name of the app publisher the same name as the retail app? Is the spelling correct?
• Does the app have user feedback and ratings? Has there been any negative feedback?
• How many people have downloaded the app? A high number is typically a good sign that the application is legitimate and not a copy 
• Does the company provide contact details, a website address, or email information?
• Does the app install require permissions outside of the app’s scope? For example, a calculator app that’s asking for access to your camera and contacts     
• Does the app have multiple pop-up ads and does it keep prompting you for your personal information?

Remember to only download apps from trusted sources, like the App Store or Google Play.

If you’re ever in doubt about whether an app is legitimate, use a search engine like Google to search for the company website. You can either send an email or call the company directly using the contact information listed on their website to verify the legitimacy of the app.

Make sure to report suspicious apps on the app store you’re using.

If you ever find an app impersonating an official Scotiabank-related app, send the app name, app store name, and a link to the app to phishing@scotiabank.com.

The most common phone scams involve:

• Malicious people impersonating government agencies, such as revenue, public health (COVID related), financial institutions, immigration services, justice departments, or local police services; if they sound threatening, it’s safe to assume it’s a scam
• Fake Bank investigators, inspectors or representatives asking money or sensitive information.
• Get-rich-quick schemes that are vague and have no apparent risk
• Fake charity solicitations asking for donations
• Prize winnings that require you to pay for shipping expenses
• A message that prompts you to visit a website and enter personal or financial information 

• Hang up on suspicious calls immediately
• Never give out account or personal information over the phone
• Never send money to a suspicious caller from a government agency or financial institution
• If you aren’t sure about the organization or person calling, verify the contact number and call back
• If you believe the fraudster poses a risk to your personal safety, call your local police.

If you aren’t sure whether it’s really Scotiabank calling, hang up and call 1-866-625-0561 and report it to us.

For a list of ways to connect with Scotiabank, please visit Contact Us.