Skip to main content

Stay Informed On the Latest Cyber Scams

Being aware of online scams and knowing what to look for is the key to protecting yourself against cyber criminals. Here are some cyber scams currently affecting RBC clients.

Date: JULY 2019
Type: Email
Status: Active

Investors are being targeted by a scam using fake RBC Direct Investing branded websites. Cyber criminals are attempting to solicit members of the public to invest money in a questionable investment or one that doesn’t exist at all via websites that appear to be from RBC. Common tactics of the online investment scam include website spoofing (making a similar version of a trusted website), using social media to research and attract potential targets, and soliciting them through popular messaging platforms and/or email.

RBC Direct Investing has two legitimate websites:

If you are unsure whether a correspondence claiming to be from RBC is authentic, please contact us immediately.

If you have already invested in an offering you think may be fraudulent or you have been asked to pay additional money to get back money from an investment, we strongly recommend that you take steps to report the matter to your local law enforcement.

For secure ways to open an RBC Direct Investing account, Investors should contact RBC Direct Investing

Recognizing and avoiding investment scams:

  • If something seems too good to be true, it probably is. If an investment is advertised as having high or guaranteed return with little or no risk, it is usually a good indicator that you should investigate further before investing.
  • Ask questions and research the company, the broker, and the investment.
  • If someone is pressuring you to make a quick investment decision or move funds out of your country or market, disengage and reconsider.
  • Approach unsolicited offers with caution.
  • Don't follow links contained in investment offers; always navigate to websites independently, and double check the URL, as cyber criminals are known to imitate trusted websites.

Please visit the following links to seek guidance on how to protect yourself:

Date: JULY 2019
Type: Email
Status: Active

Recently, we sent an email to our valued RBC business clients asking them to update their email servers to a more secure encryption protocol. The Payment Card Industry Data Security Standard (PCI DSS) for safeguarding payment data now requires an encryption protocol which includes the Transport Layer Security (TLS) v1.1 or higher (TLS v1.2 is the RBC Standard).

This update is needed to ensure our business clients have the right security measures in place to continue communicating safely and securely with RBC.

The email was sent from RBC TLS Communication (pcbtls@rbc.com) on July 8. Below is what it looked like:

What You Should Do

  • If you have received this email, please follow the instructions provided to verify that you are using an appropriate version of TLS.
  • Starting September 1, 2019, RBC will no longer support TLC v1.0 or v1.1. Please update your email servers to TLC v1.2 to ensure an encrypted connection between our email service and yours.
  • Hang up and call the company that the person or message states they are calling from on their official number to verify that the request is genuine.
  • Get more details about this change on our TLS v1.2 FAQs page.

Questions?

If you have any questions, please contact RBC's TLS Registration team at pcbtls@rbc.com.

Date: MAY 2019
Type: Phone
Status: Active

A telephone scam targeting the Asian community has recently resurfaced. The fraudsters claim to be calling from RBC. The purpose of these calls is to trick clients into giving up personal information for fraudulent use. The caller may use social engineering tactics like threatening to close your account or insisting you update your account information to create a sense of urgency.

The calls appear to be coming from an RBC phone number: 1-888-769-2598. This is known as ‘call spoofing’ where a caller falsifies the number that appears on the recipient’s caller ID display. In this case, the fraudsters are trying to trick you into believing that RBC is calling.

What You Should Do

  • If you answer the phone and the caller – or a recording – asks you to press a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with "Yes" or "No."
  • Hang up and call the company that the person or message states they are calling from on their official number to verify that the request is genuine.
  • If you accidentally share your banking information, contact us immediately.

Be Cyber Aware

Become your best defence against cyber criminals. Visit rbc.com/cyber for more tips on how to keep your personal information secure.

Date: MAR 2019
Type: E-Mail
Status: Active
Phishing Scam

RBC clients are the target of new phishing scam. The suspicious email, appearing to come from RBC, is a direct deposit notice indicating that the Canada Revenue Agency has recently put money into your RBC account. The email includes an attachment.

What to look for

Pay attention to the sender and their email address.

  • Make sure that the sender’s email address has a valid username and domain name. A suspicious email address could look like: "<noreply@achaft-rbc.com>"

The email's contents can also offer clues.

  • If you get an email and it asks you to download a questionable attachment and run it, that’s another red flag.
  • RBC will never ask you to download and run programs attached to an email.

What you should do

If you receive a suspicious email, appearing to come from RBC, forward it to phishing@rbc.com and then delete it right away. Even if you didn’t click on the link or download any attachments, it’s important that our cyber security experts are aware of these types of scams.

Be Cyber Aware:

  • Never open attachments, click on links or download anything from any email or website that looks suspicious
  • Always verify in-person or over the phone that the person contacting you is who they say they are
  • Here’s more on how to spot phishing scams.
  • Get more tips on how to keep your email safe.

Date: FEB 2019
Type: SMS
Status: Active
Smishing Scam

RBC clients are the target of another text-messaging scam. The text messages warn clients that their cards have been disabled, and that they must click on a link or call a phone number in order to secure their account.

If you receive one of these text messages, we strongly urge you not to click on the link, and to contact us directly using the contact numbers on the back of your client card or on our site rather than the number provided in the text message.

Clients have also received text messages instructing them to call a phone number to receive an important message. These messages are also fraudulent. DO NOT call the number provided, instead use the contact numbers found on the back of your RBC client card or on our site.

The scam appears to be limited to Canadian clients, but US or Caribbean clients may be targeted too. If you have received a text message from a number you don’t recognize, delete the message right away. If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, contact us immediately.

Date: FEB 2019
Type: Phone
Status: Active

Several calls, designed to appear as though they are coming from RBC, have been made to RBC clients across Canada in order to retrieve personal or financial information. No RBC systems have been compromised, and we have escalated this issue to Canadian telephone carriers, who are working to remediate the situation.

What is Caller ID Spoofing?

Caller ID spoofing is when a caller deliberately falsifies the information transmitted to an individual’s caller ID display to disguise their identity.

Protect Yourself from Spoofing

Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold.

Spoofing is a social engineering scam that relies on psychological manipulation tactics. Websites, phone numbers, email addresses, and various other communication methods can be spoofed.

As this is a Canada-wide scam that involves a wide range of corporate and personal phone numbers, here are some additional tips to protect yourself from caller ID spoofing:

  • If you answer the phone and the caller - or a recording - asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with "Yes" or "No."
  • Call us at the contact numbers found on the back of your RBC client card or on our site.

Need to Report Online Fraud?

Phone Icon

Call Us

If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.

If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.

Learn more

Report Icon

Report ID Fraud

If you think you are a victim of identity fraud and you are an RBC client

If you think you are a victim of identity fraud and you are an RBC client

Learn more

Email Icon

Email/Website Fraud

If you have received a suspicious email or accessed a fraudulent RBC website

If you have received a suspicious email or accessed a fraudulent RBC website

Learn more