Common scams

With cyberfraud incidents on the rise and fraudsters waging sophisticated attacks through phone, text, and email, it’s important to recognize the warning signs that someone is trying to scam you.

We’ve identified the most common scams that fraudsters are currently using to steal your money and personal information.

Am I being scammed?

It’s often difficult to tell the difference between a scam and an urgent request or a new opportunity. This tool will help you to determine whether or not you’re being targeted by a common scam and guide you to more information as to how to spot and avoid everyday scams.

Common Scam Identifier Tool

Common scams that target your personal information

Phishing and smishing

Phishing is a form of fraud where cyber criminals use emails to trick you into providing personal or sensitive information that can be used for fraudulent purposes. You may be asked to disclose confidential financial and personal information, like passwords, credit card numbers, access codes, or tax identification numbers.

Emails tend to look authentic, featuring corporate logos and layouts similar to those used by institutions for legitimate communications. Some fraudsters also use fake (spoofed) email addresses that appear to be sent from authentic organizations.

Scam artists have also found a way to send fraudulent messages to mobile phones. Smishing is similar to phishing, except that fraudsters will send scam messages through text (SMS), often in the form of suspicious links.

When it comes to SMS, look out for the wrong number scam. Fraudsters will text you pretending to have messaged the wrong person, this is done to open the lines of communication. Once you respond and establish a connection they will transition to talking about investments or crypto scams, often trying to gather your sensitive information.

Be aware that some phishing and smishing scams try to trick you into downloading malicious software (malware) onto your computer or phone. Fraudsters do this by disguising malware as normal file attachments or as links within emails and text messages.

Once downloaded, malware can delete, corrupt, or encrypt (lock) your files, steal sensitive personal or financial data, or, in rare cases, damage hardware.

When you receive what looks to be an official email or text message, don’t act on it immediately. Take it slowly and carefully review what you received.

You might identify the following:

Unknown sender
A threatening tone
Deals that are too good to be true
A false sense of urgency
Requests for sensitive information
Links or attachments you weren’t expecting
Irregular company colours, logos, or formatting
Spelling and grammar mistakes
Wrong message lures

Remember, phishing emails and smishing text messages use language that creates a sense of urgency in order to get you to react quickly without thinking.

You should never respond to or action any email or text that:

Requires you to provide personal or financial information (login credentials, account numbers, tax identification numbers, etc.)
Threatens to close or suspend your accounts if you don’t provide or verify personal information
Claims your account has been compromised or that there has been fraudulent activity on your account and asks you to enter or verify your account information
Claims the bank has lost important security information and needs you to update your information online
Claims they messaged the wrong person and begins asking about your investments and other sensitive information
States that there are unauthorized charges on your account and requests your account information
Asks you to enter your card number, password, access code, or account numbers into an email, pop-up window, form, or non-secure web page
Asks you to confirm, validate, verify, or refresh your account, credit card, or financial information

Always remember that Scotiabank will not call you, send you emails or text messages, or present you with unexpected web pages asking you to validate or restore your confidential information such as your password, PIN, access code, credit card, account numbers, or account access.

If you’re suspicious of the message you received, never respond to emails, open attachments, or select links from institutions (even if reputable) or unknown senders asking for personal or financial information.

Trust your instincts:

If an email looks suspicious, don’t select links or download attachments within that message

Double-check:

If you have an existing relationship with the company or individual mentioned in the email, verify the validity of the contact and request by reaching out to them directly using a known contact number
Make sure to use a phone number from a reputable source to contact the company, for example, the phone number on the back of your bank card

Hover over links:

Attackers rely on shortened links, redirects, and fake email addresses that mimic those of a legitimate organization
Before clicking a link, check its destination by hovering over it with your cursor (the visible part of the link is called the anchor and the destination is where the link leads)
If you don’t recognize where the link is taking you or the destination does not match that of the organization, don’t click!
Make sure the link is taking you to a secure website; if it begins with “https” instead of “http,” it means the site is secured using an SSL Certificate (the “s” stands for secure)

Don’t forward

Never forward suspicious emails or text messages to family, friends, or colleagues as you could put them at risk

Never call a phone number that appears in a suspected phishing or smishing message and never respond to the message itself. Often, phishing emails and text messages will include fake contact information that will redirect you back to the fraudsters.