Scam Alerts

EMAIL FROM YOUR RBC INVESTOR ADVISOR

1. Details of the scam:

Delivery: Email

Subject line: RBC GIC special introduction rates

An email arrives in your inbox indicating it’s from an RBC employee and it has an RBC logo, promising special GICs rates. However, the email address doesn’t look right, and they are asking for your personal information.

2. What should you know:

• This is an example of a Phishing Email Scam.
• Phishing emails appear to be sent from organizations or personal contacts typically asking for financial or personal information.
• They often appear to offer a financial reward, an impending threat towards you, or claim to be someone in need of your help.
• While you may think you’re giving your information to a valid company, you’re instead providing it to a fraudster.

3. What should you do?

• Never open attachments you were not expecting.
• If the email appears to come from a person you know, contact them to verify the authenticity.
• Never provide any personal information in an email.
• For phishing emails, please notify us by forwarding the suspicious email to phishing@rbc.com for analysis. Please note that phishing@rbc.com is an automated mailbox for reporting phishing and website fraud only – we are unable to provide responses from this mailbox.
• Reset all digital credentials
• If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately. Contact Us
  
• Delete the email

To help you spot phishing emails and fake websites, visit our Cyber site.

Exercise Care with Web Searches to avoid Phishing Scams

Fraudsters continue to impersonate RBC through many channels, including genuine-looking phishing websites. Scammers lure clients through malicious links in emails, text messages and search engine results, aiming to trick users into sharing sensitive information.

Malvertising Scams

Cybercriminals are actively targeting RBC clients by taking out fake online advertisements to drive traffic to malicious websites. Known as “malvertising”, these attacks target the web search results of highly visited websites, including popular ecommerce sites and financial institutions like RBC. Fraudsters aim to trick users into divulging sensitive information before the search engines can remove fake ads. Be careful when clicking on any link and stay alert for fake websites.

Telltale Signs:

• The ad text appears genuine, but when clicked the link takes you to a different URL.
• When trying to sign in with genuine credentials, often there’s an “error message” and asking you to call for support.
• When calling the (fraudulent) support number provided on screen, an agent asks for details like you client card number, password and verification questions - or to take over your computer remotely.
• There is “urgent action required”.

How to Protect Yourself:

• Go directly to the official website when providing sensitive information. Type the website URL directly into your browser – e.g. www.rbc.com. Or use an official app (e.g. RBC app.)
• Don’t click on links in email or text messages. Take care when clicking on any link, even those appearing at the top of search engine results. Float a cursor over the URL before you click or enter credentials.
• Pay attention before and after you click on links. Before entering your passwords or personal information, verify the URL is a genuine website. Keep in mind that scammers can create very realistic-looking fake websites.
• When using a search engine, pay attention to which links are ads and which are genuine search engine results. Ads typically appear first. Also the first link displayed by a search engine may not always be the best link to click.
• Don’t let anyone take control of your computer remotely. For example, to “sign you in”, “reset your password” or provide “technical support”.
• Don’t provide financial details or personal information to unknown parties over the phone. (e.g. credit card number, expiry date).
• If you need help from RBC: Visit our website by typing the RBC URL directly into your browser (e.g. www.rbc.com). Use the information listed only on our official website to contact us or call the numbers listed on the back of your RBC client card.

How to Report Fake Websites or Online Scams:

If you think you’ve spotted a fake website or online advertising masquerading as RBC, copy and paste the website address or search result and email to phishing@rbc.com. Online advertising scams can also be reported directly to the search engine using tools for submitting violations.

Note: We receive large volumes of reports and are unable to provide personalized responses to emails sent to this email address.

Cyber criminals continue to send fraudulent SMS (text) messages masquerading as RBC. Known as Smishing, a form of phishing, these texts are sent by fraudsters trying to trick people into providing personal or financial information.

Be alert for any text messages claiming to be from RBC – particularly those asking you to log into your RBC accounts or appearing to require urgent attention.

If you receive one of these messages:

Do not:

• Click on any links in the message or share personal information. RBC will never ask you to provide, confirm or verify personal, login or account information through regular unsecured email, text message or unsolicited phone call. For example, RBC won’t send you a link via text message or email asking you to “click here” to log in to your bank account.
• Reply to the message or call the number provided

Do:

• Log in to any accounts directly through RBC’s website or apps. (e.g. RBC Mobile App.)
• Contact RBC immediately if you believe your confidential information may have been stolen or obtained by a fraudulent party through text messages, email, phone, websites or any other means. Use the contact numbers on the back of your client card or on our website rather than the number provided in the message.
• Take extra care with phone numbers you don’t recognize. Keep in mind that it’s easy to imitate phone numbers or senders.
• Learn more about phone and messaging scams and how you can communicate with RBC safely.

RBC Text Messages and Alerts:

• RBC Text Messages: RBC will use text messages sent via a short code to communicate with you at your request. All short codes used by RBC are listed on the page. If you have received a text message from a phone number not listed, or any message asking you to provide or confirm personal details or confidential information, do not reply. Report it to us at phishing@rbc.com.
• RBC Royal Bank Alerts: You can set up alerts through RBC Online Banking or the RBC Mobile App. Simply set the type of alert you want to receive and decide how to receive them – by text message, email or mobile push notifications.

How to Report Smishing/Phishing:

• If the message is pretending to be from RBC: Do not reply. Forward to the RBC security team at phishing@rbc.com and enter "Smishing Incident" in the subject line. Include the phone number and the contents of the text message. Once reported, you can then delete the text message from your device.
• Scams can also be reported to local government, law enforcement and/or telecommunications providers. For example, the Canadian Anti-Fraud Centre.

Scammers are sending text messages impersonating government revenue/taxation authorities and agencies, such as the Canada Revenue Agency (CRA) and Internal Revenue Service (IRS). Although taxation scams may be more frequent around tax-filing deadlines, they also continue throughout the year.

How to Recognize the Scam
Text messages that claim to provide a tax reimbursement with a website link. Scammers are attempting to steal your personal information, such as:

• government identification, like a Social Insurance Number (SIN) or Social Security Number (SSN)
• online taxation service usernames and passwords
• online banking client card, username, and passwords

Government taxation agencies will never contact taxpayers by email, text message, or social media requesting personal or financial information

This current tax-related scam is similar to past ones, such as a refund deposit, claiming you owe taxes, offering free tax preparation, or that your government identification or bank account is being suspended.
See the past RBC alert, “Phishing Scam: Payment Receipt Advise.”

What should you do?

• Do NOT click on a link or respond to a number you don’t recognize. Keep in mind, they can imitate numbers you do recognize. Be Wary of Phone & Messaging Scams.
• Delete the text message from your phone after reporting it (Canadian Anti-Fraud Centre or phishing@irs.gov in the U.S.).
• Contact the CRA (opens to external site) or IRS (opens to external site) directly to verify the information provided in the message.
• Contact the Canadian Anti-Fraud Centre toll free at 1-888-495-8501 1-888-495-8501 or visit their website (opens to external site) if you believe your personal information has been stolen and used for tax purposes.

Where can I get trusted and safe information about tax returns?

• Visit the CRA (opens to external site) or IRS (opens to external site) websites for correct information about taxes.
• For additional and up to date information on tax scams, visit the Government of Canada website (opens to external site) or the IRS tax scam alerts (opens to external site)
• Make sure you know how to stay safe this tax season.

Cyber criminals are currently taking advantage of the COVID-19 pandemic by sending emails, texts and social media messages that contain phishing links or malicious attachments.

Cyber criminals are impersonating governments, health authorities and other organizations to provide false information, steal information, sell fake medical products or tests and redirect to fake charity donations.

What to look for: 

• Be careful about clicking links or attachments in suspicious emails, texts or social media messages.
• Attackers can falsify the sender information in messages. Make sure the sender’s email address has a valid username and domain name.
• Be careful before revealing any personal or financial information through email, a website, text message, social media, or by phone.
• Learn how to protect yourself online

What you should do if you receive a suspicious message:

• If you receive a suspicious email appearing to come from RBC, please forward it to phishing@rbc.com.
• Delete suspicious messages immediately after reporting them.
• Consider contacting the person or organization that sent the message using a phone number you’ve used before or one listed on their website.

Where can I get trusted and safe information about the pandemic?

Visit known and reputable websites, like the official World Health Organization’s Coronavirus disease (COVID-19) Pandemic page, or local health authorities like the Public Health Agency of Canada website for correct up-to-date information on COVID-19.

For updated information on COVID-19 from RBC, please visit https://www.rbc.com/covid-19/index.html

Make sure you know how to protect your business.

RBC clients are the target of new phishing scam. The suspicious email, appearing to come from RBC, is a direct deposit notice indicating that the Canada Revenue Agency has recently put money into your RBC account. The email includes an attachment.

What to look for

Pay attention to the sender and their email address.

• Make sure that the sender’s email address has a valid username and domain name. A suspicious email address could look like: "<noreply@achaft-rbc.com>"

The email's contents can also offer clues.

• If you get an email and it asks you to download a questionable attachment and run it, that’s another red flag.
• RBC will never ask you to download and run programs attached to an email.

What you should do

If you receive a suspicious email, appearing to come from RBC, forward it to phishing@rbc.com and then delete it right away. Even if you didn’t click on the link or download any attachments, it’s important that our cyber security experts are aware of these types of scams.

Be Cyber Aware:

• Never open attachments, click on links or download anything from any email or website that looks suspicious
• Always verify in-person or over the phone that the person contacting you is who they say they are
• Here’s more on how to spot phishing scams.
• Get more tips on how to keep your email safe.

RBC clients are the target of another text-messaging scam. The text messages warn clients that their cards have been disabled, and that they must click on a link or call a phone number in order to secure their account.

If you receive one of these text messages, we strongly urge you not to click on the link, and to contact us directly using the contact numbers on the back of your client card or on our site rather than the number provided in the text message.

Clients have also received text messages instructing them to call a phone number to receive an important message. These messages are also fraudulent. DO NOT call the number provided, instead use the contact numbers found on the back of your RBC client card or on our site.

The scam appears to be limited to Canadian clients, but US or Caribbean clients may be targeted too. If you have received a text message from a number you don’t recognize, delete the message right away. If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, contact us immediately.