Skip to main content

Date: April 2024
Type: False Advertisements/Website, SMS
Status: Active

Beware of Phishing Scams Targeting Canadians During Tax Month

What to look out for:

As the tax filing deadline approaches in Canada, we are once again observing a spike in phishing attacks targeting Canadians via SMS, emails, and phone calls. These scams may claim to be notifications and links regarding the following (but are not limited to):

  • Outstanding tax owing
  • Eligible tax refunds
  • Fake CRA sites
  • Tax filing portals
  • Tax filing services or assistance

These scams may also contain the following keywords if there is a linked URL (but again, are not limited to):

  • CRA
  • revenue
  • refund
  • gst/hst
  • tax

What you should know:

The CRA will not ask you by text message or email for personal information, bank information, payments by e-transfers or gift cards. While the CRA may notify you of new tax-related communications via email, these messages must be read by signing in to your CRA account at Canada.ca.

In addition, the CRA will never issue refunds via Interac e-Transfer. Should you click any link directing you to an Interac page, close the page immediately. All CRA payments are sent through Direct Deposit or mailed to you by cheque.

What should you do?

  • Do not click on links in unsolicited emails and text messages. This applies to all messages, but remain especially vigilant regarding tax matters this month.
  • Only file your taxes through the Official methods. Never attempt to file taxes through links sent to you, or over the phone with someone you do not know and trust. Available CRA tax filing options are listed here: https://www.canada.ca/en/services/taxes/income-tax/personal-income-tax/get-ready-taxes/ways.html
  • Delete the email or text message immediately. If you receive a message you suspect to be spam, delete it immediately.

For more information about protecting yourself against CRA Scams, please visit https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud/scam-alerts.html.

Date: March 2024
Type: False Advertisements/Website, SMS
Status: Active

Be Aware of Phishing Messages Containing RBC and Other Bank Logos

What to look out for:

In previous Scam Alerts, we’ve discussed some tricky text-related methods that Fraudsters use to lure clicks, such as:

  • Replacing letters with numbers, other types of “lookalike” characters, or adding extra letters.
  • Hiding a phishing link behind a URL that looks like a legitimate RBC URL.

However, sometimes all it takes is the use of a familiar, “trusted” image (like the RBC logo) to get a victim to fall for the scam. Malicious messages may utilize bank logos or include image previews from their phishing websites to appear trustworthy, and the use of familiar logos can create a false sense of security – making it easier for unsuspecting individuals to fall victims to these scams.

What should you do?

  • Exercise caution. Remain vigilant about messages from unknown senders, even if the message contains RBC logos, or logos from other reputable brands.
  • Exercise caution when clicking any links. If you were not expecting a message from RBC or suspect that it is not a legitimate request, do not click on the link.
  • You can help us by forwarding the phishing email or attaching a screenshot of a fraudulent text message to phishing@rbc.com
  • Delete the email or text message immediately. If you receive a message you suspect to be spam, delete it immediately.

Date: February 2024
Type: False Advertisements/Website, SMS
Status: Active

Fake Job Opportunities

Details of the scam:

Social media platforms are being increasingly leveraged by cyber criminals to spread malicious software (malware). Fake job postings or business opportunities might be used to lure users to download the malware.

Victims will receive direct messages from false recruiters with very attractive job opportunities, via LinkedIn or Facebook. The message contains a link to what is supposed to be the job description. When clicking the link, the malware will be downloaded.

Note: The job description could be hosted in a legitimate website (e.g. Dropbox, Google Drive, iCloud etc.)

Red Flags to look out for:

Before clicking any links or downloading any attachments:

  • Always check the legitimacy of the recruiter sending you the message.
    Does their profile have enough information about their experience and background? If not, it may be a fake profile.
  • Check the legitimacy of the job post.
    Is the job posted on LinkedIn or on the company’s website? If not, it may be a fake opportunity.
  • Beware of opportunities that seem too good to be true. A salary that is way above average, unrealistic profits for a new business, or unusual benefits are all red flags.

What should you do?

If you received a fake job posting:

  • Don’t click on links from unknown senders. Even if the sender’s address looks legitimate, remain cautious as it is possible for fraudsters to craft fake email addresses to appear real.
  • Delete the email or text message immediately. If you receive a message you suspect to be spam, delete it immediately.
  • Report it to the job site immediately.

Good afternoon, sorry to disturb you.
We are looking for 1,000 online media workers.
The only condition: must have a Canadian SIN or (foreigner who has worked here for more than one year)
Job Description: Requires review of product web pages to increase product awareness and sales.

  • No investment, no work experience, age (25-60 years old).
  • Salary: 150 to 300 Canadian dollars per day.
  • Working on the mobile phone is easy and convenient, and the work can be completed in 50-80 minutes of free time.
  • The first 100 participants on the day will have a chance to win $10 CAD.

If you are interested, please answer 1 and click on the Whats App link to learn more! https://

Date: January 2024
Type: False Advertisements/Website, SMS
Status: Active

Fake QR Codes - Quishing

Details of the scam:

You may have noticed that QR codes gained popularity during the pandemic - especially at restaurants as an alternative to printed menus. QR codes also continue to be a popular way to link to a website while attending an in-person event. Although convenient, QR codes can be used to trick you! Hackers are taking advantage of their popularity and sending phishing e-mails with malicious QR codes.

Red Flags to look out for:

You receive an unexpected message with a QR code attached, requesting you to scan it.

  • Scanning the QR code will take you to a malicious website that can steal your credentials or download malware (malicious software).
  • The e-mail might mimic well-known brands, like Adobe or Docusign, or emulate a message from a client.
  • The attachment could be any file type that displays an image. Some common file types include: .pdf, .docx, .html and .eml (Outlook e-mail format).

Other Red Flags:

  • Senders you don’t recognize: Avoid clicking on any links received from an unknown sender.
  • Unexpected QR codes: QR codes are typically used for in-person events, so an email with a QR code is out of the ordinary and can be suspicious.
  • Domain of the website: If you happen to scan the QR code, review the link before clicking the website. If it’s from a website you don’t recognize, that’s a red flag.

What should you do?

  • Don’t click on links or scan QR Codes from unknown senders.
  • Delete the email or text message immediately. If you receive a message you suspect to be spam, delete it immediately.
  • Exercise caution when scanning any QR Codes. Rather than scanning the code, go to the website directly.

Date: December 2023
Type: False Advertisements/Website, SMS
Status: Active

Telecom Refund Scams

Details of the scam:

Like other methods discussed in previous posts (Package Delivery scams – May 2023, Interac e-Transfer scams – March 2023) another common tactic targeting Canadians is the use of fake Telecom company refunds by masquerading as companies like Rogers, Bell, or Telus.

Victims will receive smishing and phishing messages stating that they are eligible for a refund due to a variety of reasons, such as outages, goodwill, or account corrections. These messages include a link directing them to a realistic-looking Telecom company phishing page and will appear to offer a refund via Credit Card or Debit. If Debit is selected, the victim will be directed to a fake Interac e-Transfer page where they will proceed to select their bank.

Keep in mind that Telecom companies will never send SMS messages regarding refunds, or issue refunds via e-Transfer or Credit Card. Any messages received should be deleted immediately.

Red Flags to look out for:

  • You receive any SMS/emails informing you of a refund with a Telecom company regarding any reason.
  • You receive a message regarding a refund or credit that you were not expecting.

What should you do?

  • Don’t click on links from unknown senders. Take care when clicking on any links received from an unknown sender.
  • Exercise caution when clicking email links from known senders. Even if the sender’s address looks legitimate, remain cautious as it is possible for fraudsters to craft fake email addresses to appear real.
  • Delete the text message immediately. If you receive a message you suspect to be spam, delete it immediately.

Date: November 2023
Type: False Advertisements/Website, SMS
Status: Active

Beware of investment scams involving cryptocurrency:

1. Details of the scam:

An investment scam is when a fraudster offers an individual the opportunity to invest, often using cryptocurrency, and promises a high rate of return in a short amount of time. These offers can be solicited through online ads where the victim is redirected to a website, but may also be unsolicited; in either case, there is time pressure to ensure the individual commits before they have time to complete their research on the investment opportunity.

Scammers will create fake accounts on websites or on social media that appears to be legitimate. They will reach out to individuals to invest in cryptocurrencies and promise them massive profits, even sharing ‘screen captures’ or live ‘trend graphs’ showcasing the progress of their investment. Note that these types of returns cannot be guaranteed, and anyone who promises a no-risk investment is most likely a scammer.

Cryptocurrency, along with other forms of payment such as gift cards, are often preferred by scammers because they are untraceable once they have left your account.

In most cases, victims of an investment scam will lose not only their investment but also their personal and financial information, leaving them vulnerable to identity theft.

2. Red Flags to look out for:

  • Be mindful of individuals or services promising high (or quick) returns and unrealistic investment opportunities. If an opportunity sounds too good to be true, it’s a scam.
  • If the individual contacts you in an unsolicited manner for an investment opportunity, either by phone, online or via social media, it is likely not legitimate.
  • Investment scams are often tied to romance scams; if you are dating online and a romantic interest suddenly turns into an investment opportunity, you are dealing with a fraudster.
  • Fraudsters will often showcase testimonials from "satisfied customers" to increase their credibility – do not let these hinder your decision making.
  • Watch for grammatical errors in communications with the buyer. It may indicate that they are not the professional they claim to be.

3. What should you do to prevent becoming a victim of an investment scam?

  • Do your homework and take time to research the offer. Scammers will rush you to into making a decision by telling you it’s a limited offer or that you can get a rebate if you invest today.
  • Only send cryptocurrency to people you trust; it is always best to know the person to whom you are transferring money.
  • Avoid sending funds to a third party. All transactions should be completed with the same person you initially engaged with.
  • Complete your due diligence to verify the individual’s accreditation by making telephone calls and sending emails using trusted sources.
  • Contact or visit your provincial security commission’s website to verify if the entity who you are in contact with is legally allowed to provide financial services in your jurisdiction. Contact Us - Canadian Securities Administrators (securities-administrators.ca) (Opens in new tab)
  • Never provide copies or images of your identification or banking details.
  • Ensure you have direct access to your investment account and can independently verify performance. Be wary of investing via a third party.

Date: October 2023
Type: SMS
Status: Active

Realistic Looking URLs from Fake RBC Text Messages

1. Details of the scam:

With the increase in scam SMS messages (“smishing” messages) sent to Canadians targeting their bank accounts, clients must exercise caution when clicking on URLs sent to them. However, even the most eagle-eyed recipient may fall for the use of Punycode to disguise phishing URLs, making them look like legitimate domains.

In this scam method, punycode is what Fraudsters can use to replace “regular” characters in a URL with a different, similar character, directing clients to a phishing site. This can make it very tricky to differentiate between a legitimate and fake URL, since these links may look almost exactly like the real thing at first glance.

See the following example of a smish using punycode:

message scam

This may look like the legitimate domain belonging to RBC. Pause and look carefully, you may notice that the ‘r’ in ‘rbc.com’ is underlined and is the character: ‘ṟ ‘. By clicking this link, the scam victim would be directed to a phishing website using the domain “ṟbc”, which is not the same as “rbc.com”.

In this second sample, it seems like the legitimate ‘rbconlinebanking.com’ domain at first. Assess closely and you will notice the dot under the ‘k’, replacing it with a ‘ḳ’ (a ‘k’ with a small dot underneath):

message scam

Red Flags to look out for:

  • You receive any SMS asking you to log in to your RBC account.
  • You receive any SMS stating that there is an issue with your RBC account.
  • You receive any SMS with a link to any RBC website, even if it looks legitimate.
  • Any kind of password reset is requested.

2. What should you do?

  • Don’t click on links in email or text messages. Take care when clicking on any links received from anybody, even if you know the person.
  • Don’t click on links from unknown senders. Take care when clicking on any links received from an unknown sender.
  • Delete the text message immediately. If you receive a message you suspect to be spam, delete it immediately.
  • You can help us by forwarding the phishing email or attaching a screenshot of a fraudulent text message to phishing@rbc.com

Date: September 2023
Type: Fake Website
Status: Active

RBC will never send an email requesting a password reset if there is a problem with your account.

1. Details of the scam:

RBC clients are seeing an increased number of sophisticated phishing emails impersonating RBC and requesting that the client resets their password due to suspected fraud on their account. When the link is clicked, the client will be redirected to a fraudulent RBC Online Banking site that steals client credentials.

At first glance, these emails may appear very legitimate due to the message’s urgency and formality. Some of the information (like phone numbers and instructions) may even be real, in attempt to further increase the chances of luring a victim. Additionally, legitimate-looking links in the message will hide the true URL behind it, which directs the client to a phishing site.

2. Fraudsters may attempt to use some of the following fake reasons to lure clients into their scams:

  • Your account is locked.
  • Fraud was detected on your account.
  • There is an error with your bank account.
  • Your credit/debit card is locked.
  • Your account has been compromised.

RBC would never request a password reset for any of the above reasons! If RBC detects fraudulent activity on your account, we will contact you directly via the phone number associated on your account.

Examples

rentals scam rentals scam

Red Flags to look out for:

  • The sender of the email does not end in “rbc.com”.
  • Any kind of password reset is requested.

3. What should you do?

  • Don’t click on links in email or text messages. Take care when clicking on any link, even those appearing at the top of search engine results. Float a cursor over the URL before you click or enter credentials.
  • Delete the email or text message immediately. Do not click on any unsolicited links.
  • Pay attention before and after you click on links. Before entering your passwords or personal information, verify the URL is for a genuine website, and not an IP address. Keep in mind that scammers can create very realistic-looking fake websites.
  • You can help us by forwarding the phishing email or attaching a screenshot of a fraudulent text message to phishing@rbc.com

Date: August 2023
Type: Fake Website
Status: Active

Beware of Rental Scams and Fraudulent Renters:

1. Details of the scam:

A Rental Scam is when a fraudster creates a fake advertisement for a room or property rental to steal money from interested renters. In this scam, would-be tenants are tricked into paying an upfront fee or deposit to secure the rental, when the property does not exist, has already been rented out, or has been rented to multiple people at the same time.

On the flip side, Fraudulent Renters target legitimate landlords. There are several ways that fraudulent renters commit scams:

  • They pretend to be a renter aiming to get financial or personal information from the landlord.
  • They say they are moving in but plan to use it as a rental property to generate income for themselves.
  • They send a payment (cheque, e-transfer) in an amount greater than the cost of rent and ask for a partial refund due to over payment.
  • The payment is subsequently identified as fraud and debited from the account, leaving the victim responsible for any losses.

2. Red Flags to look out for:

As a Renter:

  • Multiple ads for the same property but with different contact information for the landlord.
  • The listing is vague or has typos, poor grammar, or excessive punctuation.
  • The asking rent seems too good to be true.
  • The landlord does not want to meet in person or states that they are out of the country.
  • They do not allow you to visit the property before signing the lease.
  • They ask for rent or a security deposit before signing the lease.
  • There is pressure to sign or make a payment right away.

As a Landlord:

  • The renter is not interested in learning more about the property or coming to see it first.
  • The renter does not consent to a credit check or are hesitant to provide references.
  • The account holder name on the deposit cheque does not match the name on the rental application or lease.

3. What should you do?

As a Renter

  • Only rent via reputable websites and sources.
  • Schedule a face-to-face meeting and research the landlord, real estate agent or property manager that’s listing the property.
  • Whenever possible, visit the property in person and complete a walkthrough.
  • Make sure you properly read through the contract before signing a lease to ensure that it is complete and that you are sufficiently protected by the terms and conditions.
  • If you are a victim of a rental scam, contact local law enforcement immediately. Ensure that you cancel any pending payment transactions to the landlord and/or put a hold on cheques that have not been cashed.

As a Landlord:

  • Offer to have the potential renter come by for a walkthrough of the property.
  • Vet rental applicants by verifying ID documents, performing background and credit checks using reputable websites and contacting references.
    If you are the victim of a fraudulent renter, contact local law enforcement immediately. Do not accept any additional payments from the renter or cash any cheques that have been provided. If you have accepted funds from the renter, it is important that you do not withdraw or spend the money. Once the payment has been confirmed fraudulent, the funds will be debited from your account.

Examples 1

Examples 2

Date: July 2023
Type: Fake Website
Status: Active

Pay Attention to the Website Address (URL) in the Address Bar When Entering Banking Information

1. Details of the scam:

With rapidly evolving technology, events, and social trends, scammers continue to develop creative methods of luring victims into phishing attacks. However, many of these attacks often have commonalities that we can use to easily identify scams.

One easy method of identifying a phishing scam is by paying attention to the website address (URLs) that the Banking site is hosted on and checking if it is an IP Address. You will never be asked by RBC or any other Financial Institution to conduct transactions or enter banking information on websites hosted on IP Addresses.

2. What is an IP Address?

To put it simply, an IP address is a string of numbers (such as 192.168.1.1) that the internet uses to translate the human-readable website addresses we use into computer language. Since words and characters are easier for us to remember, legitimate website owners will use a web address to direct users to their websites (e.g., www.rbcroyalbank.com, www.royalbank.ca, www.rbc.com, etc.)

RBC (or any legitimate organization) will never ask their customers to access their websites via an IP address. However, this is a common practice by scammers as it prevents them from needing to purchase a new phishing web address each time one is identified as a scam.

Examples

Red Flags to look out for:

  • The text in the email or text message contains numbers instead of words and letters.
  • Your browser’s address bar contains numbers instead of words and letters even though you see RBC content.

3. What should you do?

  • Don’t immediately click on links. Take care when clicking on any link, even those appearing at the top of search engine results. Float a cursor over the URL before you click or enter credentials.
  • Delete the email or text message immediately. Do not click on any unsolicited links.
  • Pay attention before and after you click on links. Before entering your password or personal information, verify the URL is for a genuine website and not an IP address. Keep in mind that scammers can create very realistic looking websites.
  • You can help us by forwarding the phishing email or attaching a screenshot of a fraudulent text message to phishing@rbc.com

Date: June 2023
Type: Phone
Status: Active

Fraudulent Phone Call Regarding Visa Charge

1. Details of the scam:

A call is received from what is displayed on a caller ID as a toll-free number. A recorded message states the call is from RBC and pertains to a fraud issue however no client name is mentioned.

After a moment which may include hold music, the caller may be transferred to a voicemail and asked to leave their contact information. A scam perpetrator will subsequently call the victim back and attempt to obtain Personal Identifiable Information (PII) and banking information while impersonating a VISA credit card security department representative. The goal being to conduct financial fraud.

2. What should you know:

Always remember that RBC Fraud Prevention representative will never ask a client to divulge banking or personal information on an outbound call. RBC relies on various methods to authenticate transactions and we may send you a SMS with One-Time Passcodes under various circumstances. RBC employee will never ask you to share this code by reading it back to us or by entering it on your phone keypad.

Red Flags to look out for:

  • An automated system that calls you to place you on hold right away.
  • A supposedly national, large operation call center that relies on a voicemail to compile client call back requests. RBC does not have/use a voicemail to facilitate call backs.
  • A caller identifying themselves as an RBC staff asking you to confirm personal and banking information or to read out a code you receive by SMS.

3. What should you do?

  • Remember to never disclose any personal information or banking to strangers or unverified persons including PIN, One-Time Passcodes, and answers to digital banking Personal Verification Questions (PVQs)
  • If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, please call us immediately.

    • 1-800-769-2511 (telephone banking)
    • 1-800-769-2555 (online/mobile banking)
    • 1-800-769-2512 (credit cards)
    • 1-800-769-2535 (RBC Express online banking Client Support Centre)
    • RBC Bank (Georgia), N.A.: 1-800-769-2553
    • TDD/TYY: 1-800-661-1275
    • Outside Canada and the U.S.: Reach us using our International Toll-Free Service.
    • If you live in the U.S. please also contact your local authorities as well as the FTC (Federal Trade Commission) at 1-877-438-4338.
  • Report the unsolicited fraudulent phone call to:

  • If you answer the phone and the caller - or a recording - asks you to hit a button to stop getting the calls, hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with "Yes" or "No."

Example of recorded message:

Thank you for calling RBC fraud prevention center. One of our fraud specialists will be with you shortly. Please hold while I try to connect you.

Download recorded message

Voicemail for RBC fraud:

No one is available to take your call. At the tone, please record your message, when you finish recording you may hang up or press the pound key for more options.

Date: May 2023
Type: Fake Website
Status: Active

Package Delivery Phishing/Smishing Scams

Use Caution When Opening Links from Package Delivery/Courier Services

1. Details of the scam:

The drastic rise of e-commerce has resulted in an increase of scammers sending fake shipping notices from popular courier services. Scammers are taking advantage of this by sending phishing SMS and emails to trick unsuspecting Canadians into submitting their banking information.

The messages claim that the recipient has a parcel waiting but must pay a customs or rescheduling fee, which needs to be done online via the attached link. This link directs the recipient to a genuine-looking phishing site for the courier service, where they will be tricked into either entering their credit card or banking information.

2. What should you know:

  • Unless the customer has signed up for SMS or email notices, popular couriers servicing Canada will inform recipients of missed deliveries by leaving a delivery notice at the customer’s door or in their mailbox.
  • Couriers will never complete any transactions via Interac e-Transfer.

Red Flags to look out for:

  • You receive an unexpected email or text message claiming to be from a courier service regarding a package.
  • The text in the email or text message has spelling or grammatical errors.
  • The URL in the message has spelling or grammatical errors. If you are unsure of the genuine URL, use a search engine and go directly to the company’s website.
  • The website claiming to be the courier service is requesting some form of payment.

3. What should you do?

  • Don’t click on links in email or text messages. Take care when clicking on any link, even those appearing at the top of search engine results. Float a cursor over the URL before you click or enter credentials.
  • Delete the email or text message immediately. Do not click on any unsolicited links that appear to be from courier services.
  • Pay attention before and after you click on links. Before entering your passwords or personal information, verify the URL is a genuine website. Keep in mind that scammers can create very realistic-looking fake websites.

Examples of Package Delivery Scams

The scam messages sent can range from being good imitations, to primitive or very off-brand:

Date: April 2023
Type: Fake Facebook Page
Status: Active

Fake RBC Facebook Pages

Exercise Care when Interacting on Social Media

1. Details of the scam:

Fraudsters continue to impersonate RBC by creating fake RBC Facebook pages. Unsuspecting clients may interact with the fake pages and provide personal information, assuming that it is a RBC legitimate Facebook page.

2. What should you know:

These fake Facebook pages may look deceivingly close to the legitimate RBC Facebook page (https://www.facebook.com/rbc) as they often copy images, posts, and reactions from the RBC page.

RBC legitimate Facebook page has the blue verified checkmark, which confirms the authenticity of a page.

Red Flags to look out for:

  • The fake Facebook pages do not have the blue verified checkmark.
  • The fake Facebook pages have no or low follower counts.
  • The likes, comments, and reactions are part of the image and you are unable to view users who commented/reacted/liked the post.

3. What should you do?

  • Go directly to the official website.
    When in doubt, type www.rbc.com or www.rbcroyalbank.com into your browser, or use an official RBC app. The official RBC website has many resources that will direct you to the product or assistance you need.
  • Go directly to the RBC official Facebook page if you prefer to interact on Facebook.
    RBC official Facebook page https://www.facebook.com/rbc has the blue verified checkmark, which confirms the authenticity of a page.
  • Example of a fake RBC Facebook page that uses posts, images, and logo from the official RBC Facebook page:

Date: March 2023
Type: Fake Website
Status: Active

Fake Interac e-Transfer

Use Caution When Accepting Interac e-Transfers

1. Details of the scam:

Scammers are using fake Interac e-Transfer pages to direct clients to phishing sites resembling their bank’s login page, where they will be tricked into entering their login credentials. Once the credentials are entered, the scammers use them to steal money from the client’s bank account.

2. What should you know:

These fake Interac pages look just like the legitimate Interac e-Transfer page, and contain links for the most common Canadian banks, including RBC. Scammers may use reasons such as tax refunds, telecom refunds, and COVID-19 relief to lure clients, allowing fraudsters to target as many Canadians as possible.

Red Flags to look out for:

  • You receive an unexpected e-Transfer request from an unknown individual.
  • The URL displaying the e-Transfer page is not “etransfer.interac.ca”.
  • The URL in the text, email, or e-Transfer page has numbers, dashes, or spelling mistakes.

3. What should you do?

  • Sign up for Interac AutoDeposit. By using AutoDeposit, any legitimate e-Transfers will be automatically deposited into your bank account without requiring your interaction. If you are enrolled in AutoDeposit, you can safely determine that any Interac e-Transfer links you receive are fake.

    For more information, visit https://www.rbcroyalbank.com/dms/payments/autodeposit/.
  • Verify the sender’s identity before clicking on any links in the e-Transfer request. If it is from an unknown phone number or email address, do not accept the e-Transfer.

    E-Transfer(s) received via SMS:
    Legitimate SMS messages from Interac Corp. regarding e-Transfers will be sent from the number “10001”. However, this number can still be faked by scammers, so continue to be vigilant while clicking links received from “10001”.

    E-Transfer(s) received via Email:
    Verify the origin of the interac e-transfer email before clicking on links. Legitimate interac emails are typically sent from the “payments.interac.ca” domain and include a digital signature. See screenshot for more details on what to look for.

  • Check the URL before you click through an Interac e-Transfer page. Legitimate e-Transfers always start with the URL “etransfer.interac.ca”.
  • Pay attention before and after you click on links. Before entering your passwords or personal information, verify the URL is a genuine website. Keep in mind that scammers can create very realistic-looking fake websites.
  • Don’t click on links in email or text messages. Take care when clicking on any link, even those appearing at the top of search engine results. Float a cursor over the URL before you click or enter credentials.

Below is an example of a fake Interac e-Transfer site directing clients to a fake RBC Login page:

Example of a legitimate e-Transfer URL and webpage:

Date: FEBRUARY 2023
Type: False Advertisements/Website
Status: Active

Fake RBC Advertisements Linking to Phishing Websites (Malvertising)

Exercise Care when Web Searching to Avoid Phishing Scams

1. Details of the scam:

Fraudsters continue to impersonate RBC by creating “genuine looking” phishing websites and scheming new ways to lure clients into clicking malicious links.

Cybercriminals are purchasing advertising space to promote their phishing sites so that they appear at the top of search engine results. Unsuspecting clients may click the first or second link that appears to them, assuming that it is a trustworthy website.

2. What should you know:

These fake advertisement links often look deceivingly close to the legitimate RBC URLs (such as www.rbcroyalbank.com or www.rbc.com). Clicking a malicious link will redirect the victim to a phishing website, which may possibly result in the victim disclosing sensitive information. Red Flags to look out for:

  • The URL in the ad has numbers, dashes, or spelling mistakes.
  • The ad description has text unrelated to RBC or has spelling mistakes.
  • The ad description contains the keywords you are looking for, but clicking the link takes you to a URL that does not belong to RBC.

3. What should you do?

  • Go directly to the official website. When in doubt, type www.rbc.com or www.rbcroyalbank.com into your browser, or use an official RBC app. The official RBC website has many resources that will direct you to the product or assistance you need.
  • Be careful when clicking “Sponsored” or “Ad” links. Ads typically appear at the top of search results. The first link may not always be the best link to click.
  • Pay attention before and after you click on links. Before entering your passwords or personal information, verify the URL is a genuine website. Keep in mind that scammers can create very realistic-looking fake websites.
  • Don’t click on links in email or text messages. Take care when clicking on any link, even those appearing at the top of search engine results. Float a cursor over the URL before you click or enter credentials.

Example of fake RBC websites advertised in search engines (the domains in the images do not reflect real phishing domains observed for security reasons):

Date: JANUARY 2023
Type: Website
Status: Active

“I’m not a robot” Test

1. Details of the scam:

Fraudsters continue to trick victims into entering credentials onto fake RBC websites. It is now common for phishing sites to be hidden behind a “CAPTCHA”, which is a test to differentiate between humans and robots, commonly known as "I'm not a robot" test.

2. What should you know:

RBC does not use any CAPTCHA services as we use many other tools to identify and authorize you to keep your accounts safe. If you find yourself clicking or tapping on an RBC-related link and are faced with a CAPTCHA, do not go any further, and immediately close the website.

3. What should you do?

  • Close the page immediately
  • Always go directly to the official website when providing sensitive information. Type the website URL directly into your browser – e.g., www.rbc.com. Or use an official app (e.g., RBC Mobile app)
  • Pay attention before and after you click on links. Before entering your passwords or personal information, verify the URL is a genuine website. Keep in mind that scammers can create very realistic-looking fake websites.
  • When using a search engine, pay attention to which links are ads and which are genuine search engine results. Ads typically appear first. Also, the first link displayed by a search engine may not always be the best link to click.
  • You can help us by forwarding the phishing email or attaching a screenshot of a fraudulent text message to phishing@rbc.com.
  • If you accidentally share your banking information, contact us immediately.

To help you spot phishing emails and fake websites, visit our Cyber site.

Example Screenshot:

Date: OCTOBER 2022
Type: Website
Status: Active

Example Screenshot:

EMAIL FROM YOUR RBC INVESTOR ADVISOR

1. Details of the scam:

Delivery: Email

Subject line: RBC GIC special introduction rates

An email arrives in your inbox indicating it’s from an RBC employee and it has an RBC logo, promising special GICs rates. However, the email address doesn’t look right, and they are asking for your personal information.

2. What should you know:

  • This is an example of a Phishing Email Scam.
  • Phishing emails appear to be sent from organizations or personal contacts typically asking for financial or personal information.
  • They often appear to offer a financial reward, an impending threat towards you, or claim to be someone in need of your help.
  • While you may think you’re giving your information to a valid company, you’re instead providing it to a fraudster.

3. What should you do?

  • Never open attachments you were not expecting.
  • If the email appears to come from a person you know, contact them to verify the authenticity.
  • Never provide any personal information in an email.
  • For phishing emails, please notify us by forwarding the suspicious email to phishing@rbc.com for analysis. Please note that phishing@rbc.com is an automated mailbox for reporting phishing and website fraud only – we are unable to provide responses from this mailbox.
  • Reset all digital credentials
  • If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately. Contact Us
  • Delete the email

To help you spot phishing emails and fake websites, visit our Cyber site.

Date: DECEMBER 2020
Type: Website
Status: Active

Example Screenshot:

Example:
The first result in this search looks very convincing. The link associated with the ad was a realistic-looking phishing site.

Exercise Care with Web Searches to avoid Phishing Scams

Fraudsters continue to impersonate RBC through many channels, including genuine-looking phishing websites. Scammers lure clients through malicious links in emails, text messages and search engine results, aiming to trick users into sharing sensitive information.

Malvertising Scams

Cybercriminals are actively targeting RBC clients by taking out fake online advertisements to drive traffic to malicious websites. Known as “malvertising”, these attacks target the web search results of highly visited websites, including popular ecommerce sites and financial institutions like RBC. Fraudsters aim to trick users into divulging sensitive information before the search engines can remove fake ads. Be careful when clicking on any link and stay alert for fake websites.

Telltale Signs:

  • The ad text appears genuine, but when clicked the link takes you to a different URL.
  • When trying to sign in with genuine credentials, often there’s an “error message” and asking you to call for support.
  • When calling the (fraudulent) support number provided on screen, an agent asks for details like you client card number, password and verification questions - or to take over your computer remotely.
  • There is “urgent action required”.

How to Protect Yourself:

  • Go directly to the official website when providing sensitive information. Type the website URL directly into your browser – e.g. www.rbc.com. Or use an official app (e.g. RBC app.)
  • Don’t click on links in email or text messages. Take care when clicking on any link, even those appearing at the top of search engine results. Float a cursor over the URL before you click or enter credentials.
  • Pay attention before and after you click on links. Before entering your passwords or personal information, verify the URL is a genuine website. Keep in mind that scammers can create very realistic-looking fake websites.
  • When using a search engine, pay attention to which links are ads and which are genuine search engine results. Ads typically appear first. Also the first link displayed by a search engine may not always be the best link to click.
  • Don’t let anyone take control of your computer remotely. For example, to “sign you in”, “reset your password” or provide “technical support”.
  • Don’t provide financial details or personal information to unknown parties over the phone. (e.g. credit card number, expiry date).
  • If you need help from RBC: Visit our website by typing the RBC URL directly into your browser (e.g. www.rbc.com). Use the information listed only on our official website to contact us or call the numbers listed on the back of your RBC client card.

How to Report Fake Websites or Online Scams:

If you think you’ve spotted a fake website or online advertising masquerading as RBC, copy and paste the website address or search result and email to phishing@rbc.com. Online advertising scams can also be reported directly to the search engine using tools for submitting violations.

Note: We receive large volumes of reports and are unable to provide personalized responses to emails sent to this email address.

Date: DECEMBER 2020
Type: SMS
Status: Active

Example Screenshot:

The fraudulent text messages can be very convincing. This one claims an “online account” has been “temporarily locked”.

Cyber criminals continue to send fraudulent SMS (text) messages masquerading as RBC. Known as Smishing, a form of phishing, these texts are sent by fraudsters trying to trick people into providing personal or financial information.

Be alert for any text messages claiming to be from RBC – particularly those asking you to log into your RBC accounts or appearing to require urgent attention.

If you receive one of these messages:

Do not:

  • Click on any links in the message or share personal information. RBC will never ask you to provide, confirm or verify personal, login or account information through regular unsecured email, text message or unsolicited phone call. For example, RBC won’t send you a link via text message or email asking you to “click here” to log in to your bank account.
  • Reply to the message or call the number provided

Do:

  • Log in to any accounts directly through RBC’s website or apps. (e.g. RBC Mobile App.)
  • Contact RBC immediately if you believe your confidential information may have been stolen or obtained by a fraudulent party through text messages, email, phone, websites or any other means. Use the contact numbers on the back of your client card or on our website rather than the number provided in the message.
  • Take extra care with phone numbers you don’t recognize. Keep in mind that it’s easy to imitate phone numbers or senders.
  • Learn more about phone and messaging scams and how you can communicate with RBC safely.

RBC Text Messages and Alerts:

  • RBC Text Messages: RBC will use text messages sent via a short code to communicate with you at your request. All short codes used by RBC are listed on the page. If you have received a text message from a phone number not listed, or any message asking you to provide or confirm personal details or confidential information, do not reply. Report it to us at phishing@rbc.com.
  • RBC Royal Bank Alerts: You can set up alerts through RBC Online Banking or the RBC Mobile App. Simply set the type of alert you want to receive and decide how to receive them – by text message, email or mobile push notifications.

How to Report Smishing/Phishing:

  • If the message is pretending to be from RBC: Do not reply. Forward to the RBC security team at phishing@rbc.com and enter "Smishing Incident" in the subject line. Include the phone number and the contents of the text message. Once reported, you can then delete the text message from your device.
  • Scams can also be reported to local government, law enforcement and/or telecommunications providers. For example, the Canadian Anti-Fraud Centre.

Date: APRIL 2020
Type: E-Mail/SMS
Status: Active

Cyber criminals are continuing to use COVID-19 themed messages to harvest personal information and commit fraud. Their tactics continue to evolve, with the latest phishing emails focused on emergency financial support, employment and benefits programs, including the Canada Emergency Response Benefit (CERB) program.

What to look for:

  • Be on high alert for phishing emails and phone/text messaging scams related to COVID-19.
  • Watch for any message that asks you to provide personal or financial information – for example, to claim money or apply for COVID-19 benefits.
  • Be careful about clicking any links or attachments in emails, texts, messaging apps or social media messages. It’s very easy for attackers to fake email addresses or phone numbers to impersonate other people or organizations, like government agencies.

Do’s and Don’ts:

  • When registering and claiming your COVID-related benefits, go directly to the official websites of authorities. Don’t click on links in emails or text messages, or open attachments. Go directly to official websites by typing the address into your browser, or use a trusted search engine to find the official site. And always be wary when entering ANY personal or financial information online.
  • Do use reliable information sources, such as government websites, when seeking information on financial relief related to the COVID-19 pandemic.
  • Do report suspicious messages and then delete them immediately. If you receive a suspicious email appearing to come from RBC, please forward it to phishing@rbc.com.
  • Do be very careful about trusting emails or text messages, and who sent them. Look closely at the “from” email address and remember that it’s very easy for attackers to forge emails or phone numbers to appear legitimate.
Where can I get trusted and safe information about COVID-related financial benefits, and how to claim them?

Where do I report any scams?

Canada:

U.K.

U.S.

Other countries:

  • Please visit the official websites of your region’s government authorities.

Date: APRIL 2020
Type: SMS
Status: Active

Sample text

Scammers are sending text messages impersonating government revenue/taxation authorities and agencies, such as the Canada Revenue Agency (CRA) and Internal Revenue Service (IRS). Although taxation scams may be more frequent around tax-filing deadlines, they also continue throughout the year.

How to Recognize the Scam
Text messages that claim to provide a tax reimbursement with a website link. Scammers are attempting to steal your personal information, such as:

  • government identification, like a Social Insurance Number (SIN) or Social Security Number (SSN)
  • online taxation service usernames and passwords
  • online banking client card, username, and passwords

Government taxation agencies will never contact taxpayers by email, text message, or social media requesting personal or financial information

This current tax-related scam is similar to past ones, such as a refund deposit, claiming you owe taxes, offering free tax preparation, or that your government identification or bank account is being suspended.
See the past RBC alert, “Phishing Scam: Payment Receipt Advise.”

What should you do?

Where can I get trusted and safe information about tax returns?

Date: MARCH 2020
Type: Email
Status: Active

Sample Emails



Cyber criminals are currently taking advantage of the COVID-19 pandemic by sending emails, texts and social media messages that contain phishing links or malicious attachments.

Cyber criminals are impersonating governments, health authorities and other organizations to provide false information, steal information, sell fake medical products or tests and redirect to fake charity donations.

What to look for: 

  • Be careful about clicking links or attachments in suspicious emails, texts or social media messages.
  • Attackers can falsify the sender information in messages. Make sure the sender’s email address has a valid username and domain name.
  • Be careful before revealing any personal or financial information through email, a website, text message, social media, or by phone.
  • Learn how to protect yourself online

What you should do if you receive a suspicious message:

  • If you receive a suspicious email appearing to come from RBC, please forward it to phishing@rbc.com.
  • Delete suspicious messages immediately after reporting them.
  • Consider contacting the person or organization that sent the message using a phone number you’ve used before or one listed on their website.

Where can I get trusted and safe information about the pandemic?

Visit known and reputable websites, like the official World Health Organization’s Coronavirus disease (COVID-19) Pandemic page, or local health authorities like the Public Health Agency of Canada website for correct up-to-date information on COVID-19.

For updated information on COVID-19 from RBC, please visit https://www.rbc.com/covid-19/index.html

Make sure you know how to protect your business.

Date: JULY 2019
Type: Email
Status: Active

Investors are being targeted by a scam using fake RBC Direct Investing branded websites. Cyber criminals are attempting to solicit members of the public to invest money in a questionable investment or one that doesn’t exist at all via websites that appear to be from RBC. Common tactics of the online investment scam include website spoofing (making a similar version of a trusted website), using social media to research and attract potential targets, and soliciting them through popular messaging platforms and/or email.

RBC Direct Investing has two legitimate websites:

If you are unsure whether a correspondence claiming to be from RBC is authentic, please contact us immediately.

If you have already invested in an offering you think may be fraudulent or you have been asked to pay additional money to get back money from an investment, we strongly recommend that you take steps to report the matter to your local law enforcement.

For secure ways to open an RBC Direct Investing account, Investors should contact RBC Direct Investing

Recognizing and avoiding investment scams:

  • If something seems too good to be true, it probably is. If an investment is advertised as having high or guaranteed return with little or no risk, it is usually a good indicator that you should investigate further before investing.
  • Ask questions and research the company, the broker, and the investment.
  • If someone is pressuring you to make a quick investment decision or move funds out of your country or market, disengage and reconsider.
  • Approach unsolicited offers with caution.
  • Don't follow links contained in investment offers; always navigate to websites independently, and double check the URL, as cyber criminals are known to imitate trusted websites.

Please visit the following links to seek guidance on how to protect yourself:

Date: JULY 2019
Type: Email
Status: Active

Recently, we sent an email to our valued RBC business clients asking them to update their email servers to a more secure encryption protocol. The Payment Card Industry Data Security Standard (PCI DSS) for safeguarding payment data now requires an encryption protocol which includes the Transport Layer Security (TLS) v1.1 or higher (TLS v1.2 is the RBC Standard).

This update is needed to ensure our business clients have the right security measures in place to continue communicating safely and securely with RBC.

The email was sent from RBC TLS Communication (pcbtls@rbc.com) on July 8. Below is what it looked like:

What You Should Do

  • If you have received this email, please follow the instructions provided to verify that you are using an appropriate version of TLS.
  • Starting September 1, 2019, RBC will no longer support TLC v1.0 or v1.1. Please update your email servers to TLC v1.2 to ensure an encrypted connection between our email service and yours.
  • Hang up and call the company that the person or message states they are calling from on their official number to verify that the request is genuine.
  • Get more details about this change on our TLS v1.2 FAQs page.

Questions?

If you have any questions, please contact RBC's TLS Registration team at pcbtls@rbc.com.

Date: MAY 2019
Type: Phone
Status: Active

A telephone scam targeting the Asian community has recently resurfaced. The fraudsters claim to be calling from RBC. The purpose of these calls is to trick clients into giving up personal information for fraudulent use. The caller may use social engineering tactics like threatening to close your account or insisting you update your account information to create a sense of urgency.

The calls appear to be coming from an RBC phone number: 1-888-769-2598. This is known as ‘call spoofing’ where a caller falsifies the number that appears on the recipient’s caller ID display. In this case, the fraudsters are trying to trick you into believing that RBC is calling.

What You Should Do

  • If you answer the phone and the caller – or a recording – asks you to press a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with "Yes" or "No."
  • Hang up and call the company that the person or message states they are calling from on their official number to verify that the request is genuine.
  • If you accidentally share your banking information, contact us immediately.

Be Cyber Aware

Become your best defence against cyber criminals. Visit rbc.com/cyber for more tips on how to keep your personal information secure.

Date: MAR 2019
Type: E-Mail
Status: Active
Phishing Scam

RBC clients are the target of new phishing scam. The suspicious email, appearing to come from RBC, is a direct deposit notice indicating that the Canada Revenue Agency has recently put money into your RBC account. The email includes an attachment.

What to look for

Pay attention to the sender and their email address.

  • Make sure that the sender’s email address has a valid username and domain name. A suspicious email address could look like: "<noreply@achaft-rbc.com>"

The email's contents can also offer clues.

  • If you get an email and it asks you to download a questionable attachment and run it, that’s another red flag.
  • RBC will never ask you to download and run programs attached to an email.

What you should do

If you receive a suspicious email, appearing to come from RBC, forward it to phishing@rbc.com and then delete it right away. Even if you didn’t click on the link or download any attachments, it’s important that our cyber security experts are aware of these types of scams.

Be Cyber Aware:

  • Never open attachments, click on links or download anything from any email or website that looks suspicious
  • Always verify in-person or over the phone that the person contacting you is who they say they are
  • Here’s more on how to spot phishing scams.
  • Get more tips on how to keep your email safe.

Date: FEB 2019
Type: SMS
Status: Active
Smishing Scam

RBC clients are the target of another text-messaging scam. The text messages warn clients that their cards have been disabled, and that they must click on a link or call a phone number in order to secure their account.

If you receive one of these text messages, we strongly urge you not to click on the link, and to contact us directly using the contact numbers on the back of your client card or on our site rather than the number provided in the text message.

Clients have also received text messages instructing them to call a phone number to receive an important message. These messages are also fraudulent. DO NOT call the number provided, instead use the contact numbers found on the back of your RBC client card or on our site.

The scam appears to be limited to Canadian clients, but US or Caribbean clients may be targeted too. If you have received a text message from a number you don’t recognize, delete the message right away. If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, contact us immediately.

Date: FEB 2019
Type: Phone
Status: Active

Several calls, designed to appear as though they are coming from RBC, have been made to RBC clients across Canada in order to retrieve personal or financial information. No RBC systems have been compromised, and we have escalated this issue to Canadian telephone carriers, who are working to remediate the situation.

What is Caller ID Spoofing?

Caller ID spoofing is when a caller deliberately falsifies the information transmitted to an individual’s caller ID display to disguise their identity.

Protect Yourself from Spoofing

Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold.

Spoofing is a social engineering scam that relies on psychological manipulation tactics. Websites, phone numbers, email addresses, and various other communication methods can be spoofed.

As this is a Canada-wide scam that involves a wide range of corporate and personal phone numbers, here are some additional tips to protect yourself from caller ID spoofing:

  • If you answer the phone and the caller - or a recording - asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with "Yes" or "No."
  • Call us at the contact numbers found on the back of your RBC client card or on our site.

Need to Report Online Fraud?

Phone Icon

Call Us

If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.

If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.

Learn more

Report Icon

Report ID Fraud

If you think you are a victim of identity fraud and you are an RBC client

If you think you are a victim of identity fraud and you are an RBC client

Learn more

Email Icon

Email/Website Fraud

If you have received a suspicious email or accessed a fraudulent RBC website

If you have received a suspicious email or accessed a fraudulent RBC website

Learn more