Report an incident or suspicious activity

Common scams

With cyberfraud incidents on the rise and fraudsters waging sophisticated attacks through phone, text, and email, it’s important to recognize the warning signs that someone is trying to scam you.

We’ve identified the most common scams that fraudsters are currently using to steal your money and personal information.

Am I being scammed?

It’s often difficult to tell the difference between a scam and an urgent request or a new opportunity. This tool will help you to determine whether or not you’re being targeted by a common scam and guide you to more information as to how to spot and avoid everyday scams.

Common Scam Identifier Tool

Common scams that target your personal information

Phishing and smishing

Phishing is a form of fraud where cyber criminals use emails to trick you into providing personal or sensitive information that can be used for fraudulent purposes. You may be asked to disclose confidential financial and personal information, like passwords, credit card numbers, access codes, or tax identification numbers.

Emails tend to look authentic, featuring corporate logos and layouts similar to those used by institutions for legitimate communications. Some fraudsters also use fake (spoofed) email addresses that appear to be sent from authentic organizations.

Scam artists have also found a way to send fraudulent messages to mobile phones. Smishing is similar to phishing, except that fraudsters will send scam messages through text (SMS).

Be aware that some phishing and smishing scams try to trick you into downloading malicious software (malware) onto your computer or phone. Fraudsters do this by disguising malware as normal file attachments or as links within emails and text messages.

Once downloaded, malware can delete, corrupt, or encrypt (lock) your files, steal sensitive personal or financial data, or, in rare cases, damage hardware.

When you receive what looks to be an official email or text message, don’t act on it immediately. Take it slowly and carefully review what you received.

You might identify the following:

Unknown sender
A threatening tone
Deals that are too good to be true
A false sense of urgency
Requests for sensitive information
Links or attachments you weren’t expecting
Irregular company colours, logos, or formatting
Spelling and grammar mistakes

Remember, phishing emails and smishing text messages use language that creates a sense of urgency in order to get you to react quickly without thinking.

You should never respond to or action any email or text that:

Requires you to provide personal or financial information (login credentials, account numbers, tax identification numbers, etc.)
Threatens to close or suspend your accounts if you don’t provide or verify personal information
Claims your account has been compromised or that there has been fraudulent activity on your account and asks you to enter or verify your account information
Claims the bank has lost important security information and needs you to update your information online
States that there are unauthorized charges on your account and requests your account information
Asks you to enter your card number, password, access code, or account numbers into an email, pop-up window, form, or non-secure web page
Asks you to confirm, validate, verify, or refresh your account, credit card, or financial information

Always remember that Scotiabank will never send you unsolicited emails or text messages asking for confidential information, such as your password, PIN, Access Code, credit card, and account numbers. We will never ask you to validate or restore your account access through email or pop-up windows.

If you’re suspicious of the message you received, never respond to emails, open attachments, or select links from institutions (even if reputable) or unknown senders asking for personal or financial information.

Trust your instincts:

If an email looks suspicious, don’t select links or download attachments within that message

Double-check:

If you have an existing relationship with the company or individual mentioned in the email, verify the validity of the contact and request by reaching out to them directly using a known contact number
Make sure to use a phone number from a reputable source to contact the company, for example, the phone number on the back of your bank card

Hover over links:

Attackers rely on shortened links, redirects, and fake email addresses that mimic those of a legitimate organization
Before clicking a link, check its destination by hovering over it with your cursor (the visible part of the link is called the anchor and the destination is where the link leads)
If you don’t recognize where the link is taking you or the destination does not match that of the organization, don’t click!
Make sure the link is taking you to a secure website; if it begins with “https” instead of “http,” it means the site is secured using an SSL Certificate (the “s” stands for secure)

Don’t forward

Never forward suspicious emails or text messages to family, friends, or colleagues as you could put them at risk

Never call a phone number that appears in a suspected phishing or smishing message and never respond to the message itself. Often, phishing emails and text messages will include fake contact information that will redirect you back to the fraudsters.