Common scams 

It’s important to take things slowly and to carefully review websites you access through email/SMS links or online ads.

It’s only by slowing down that you start noticing suspicious elements within the website:

• The website URL starts with “http” instead of “https” (the “s” stands for secure) and does not display a tiny padlock icon in the address bar
• The site looks poorly designed, unprofessional, and has broken links
• You can't find an address or phone number for the business; follow up with a Google search of the business name to see if there are other sites that show a different address
• Sales, return, and privacy policies are hard to find or unclear
• The back button is disabled, and you get stuck on a page and can't go back
• You're asked for credit card information anytime other than when you’re making a purchase

You can develop good habits to protect yourself from online shopping fraud.

Never respond to pop-up messages on a website that asks for your financial information.

If the price of an item or the opportunity presented seems way too good to be true, don’t select the link provided until you’ve researched the price of other retailers. Instead of selecting a link in a text message or email, use a search engine like Google to search for the company’s legitimate website and find the deal you’re looking for. 

You can also use the email or phone number listed on their website to contact the company to validate the offer.

If you’re a Scotiabank customer and believe you’ve been impacted by online fraud, immediately call us at 1-866-625-0561.

Make sure to also report all shopping scams to your local police department.

When you receive what looks to be an official email or text message, don’t act on it immediately. Take it slowly and carefully review what you received.

You might identify the following:    

• Unknown sender 
• A threatening tone
• Deals that are too good to be true
• A false sense of urgency
• Requests for sensitive information
• Links or attachments you weren’t expecting
• Irregular company colours, logos, or formatting
• Spelling and grammar mistakes
• Wrong message lures

Remember, phishing emails and smishing text messages use language that creates a sense of urgency in order to get you to react quickly without thinking.

You should never respond to or action any email or text that:

• Requires you to provide personal or financial information (login credentials, account numbers, tax identification numbers, etc.)
• Threatens to close or suspend your accounts if you don’t provide or verify personal information
• Claims your account has been compromised or that there has been fraudulent activity on your account and asks you to enter or verify your account information
• Claims the bank has lost important security information and needs you to update your information online
• Claims they messaged the wrong person and begins asking about your investments and other sensitive information 
• States that there are unauthorized charges on your account and requests your account information
• Asks you to enter your card number, password, access code, or account numbers into an email, pop-up window, form, or non-secure web page
• Asks you to confirm, validate, verify, or refresh your account, credit card, or financial information

Always remember that Scotiabank will not call you, send you emails or text messages, or present you with unexpected web pages asking you to validate or restore your confidential information such as your password, PIN, access code, credit card, account numbers, or account access.

If you’re suspicious of the message you received, never respond to emails, open attachments, or select links from institutions (even if reputable) or unknown senders asking for personal or financial information.

Trust your instincts:

• If an email looks suspicious, don’t select links or download attachments within that message

Double-check:

• If you have an existing relationship with the company or individual mentioned in the email, verify the validity of the contact and request by reaching out to them directly using a known contact number
• Make sure to use a phone number from a reputable source to contact the company, for example, the phone number on the back of your bank card

Hover over links:

• Attackers rely on shortened links, redirects, and fake email addresses that mimic those of a legitimate organization
• Before clicking a link, check its destination by hovering over it with your cursor (the visible part of the link is called the anchor and the destination is where the link leads)
• If you don’t recognize where the link is taking you or the destination does not match that of the organization, don’t click!
• Make sure the link is taking you to a secure website; if it begins with “https” instead of “http,” it means the site is secured using an SSL Certificate (the “s” stands for secure)

Don’t forward

• Never forward suspicious emails or text messages to family, friends, or colleagues as you could put them at risk

Never call a phone number that appears in a suspected phishing or smishing message and never respond to the message itself. Often, phishing emails and text messages will include fake contact information that will redirect you back to the fraudsters.

If you’ve received a fraudulent email, please forward it to phishing@scotiabank.com. Don’t remove or change the original subject line or the email in any way when you forward it.    

If you’ve entered personal information after selecting a link or suspect fraudulent behaviour, please call us immediately at 1-866-625-0561.

Before downloading or using a new app, look for the following:

• Is the name of the app publisher the same name as the retail app? Is the spelling correct?
• Does the app have user feedback and ratings? Has there been any negative feedback?
• How many people have downloaded the app? A high number is typically a good sign that the application is legitimate and not a copy 
• Does the company provide contact details, a website address, or email information?
• Does the app install require permissions outside of the app’s scope? For example, a calculator app that’s asking for access to your camera and contacts     
• Does the app have multiple pop-up ads and does it keep prompting you for your personal information?

Remember to only download apps from trusted sources, like the App Store or Google Play.

If you’re ever in doubt about whether an app is legitimate, use a search engine like Google to search for the company website. You can either send an email or call the company directly using the contact information listed on their website to verify the legitimacy of the app.

Make sure to report suspicious apps on the app store you’re using.

If you ever find an app impersonating an official Scotiabank-related app, send the app name, app store name, and a link to the app to phishing@scotiabank.com.

The most common phone scams involve:

• Malicious people impersonating government agencies, such as revenue, public health (COVID related), financial institutions, immigration services, justice departments, or local police services; if they sound threatening, it’s safe to assume it’s a scam
• Fake Bank investigators, inspectors or representatives asking money or sensitive information.
• Get-rich-quick schemes that are vague and have no apparent risk
• Fake charity solicitations asking for donations
• Prize winnings that require you to pay for shipping expenses
• A message that prompts you to visit a website and enter personal or financial information 

• Hang up on suspicious calls immediately
• Never give out account or personal information over the phone
• Never send money to a suspicious caller from a government agency or financial institution
• If you aren’t sure about the organization or person calling, verify the contact number and call back
• If you believe the fraudster poses a risk to your personal safety, call your local police.

If you aren’t sure whether it’s really Scotiabank calling, hang up and call 1-866-625-0561 and report it to us.

For a list of ways to connect with Scotiabank, please visit Contact Us.