Select a Category:
Look out for Email Scams
Social Engineering
Social engineering is the art of manipulating people so they give up confidential information. Cyber Criminals often use this tactic, which plays on human emotions, to trick their victims into giving them your passwords or bank information or access to your computer to secretly install malicious software.
You may be asked to reveal personal information, click on a link, or open an attachment.
They try to appeal to your emotions and create a sense of urgency. For instance, they might pose as an RBC employee and ask you to change or confirm your password by clicking on a link.
Their goal is usually to place malware, or malicious software, on your computer or mobile device. Malware is software designed to push ads to you, lock your computer unless you pay a ransom, or track your online activity.
Here are some different types of social engineering scams:
Phishing
Phishing is one of the most common scams used by cyber criminals. They send you a phony email offer (telling you that you’ve won a vacation or a lottery, for example) hoping that you’ll take the bait and give them the information they’re seeking, usually your private information or your financial data.
Here’s how it works:
You’ll be asked to download a file or open an attachment – typically, this will be malicious software masquerading as a harmless file or program.
This software helps cyber criminals gain access to your personal and financial information.
What You Should Do
The best way to protect yourself from phishing scams is to stop and think – is this too good to be true? If it is, don’t take the bait.
When you receive an “urgent” request, always verify in-person or over the phone that the person contacting you is who they say they are.
If you receive a suspicious email from RBC, forward it to phishing@rbc.com and then delete it right away.
Other Forms of Phishing
Criminals will use any means at their disposal to try to get access to your information, not only email. Phishing scams can also come in the form of text messages to your mobile phone or tablet, or as messages through social media sites, or even telephone calls.
They will also tailor their phishing attacks to appeal to small groups of people (such as human resources professionals, or people sharing a hobby or interest) or even individuals, a practice known as Spear Phishing.
Fake Websites
Have you have ever received an email or text message from a seemingly familiar source asking you to update your profile or change your password due to some unforeseen circumstance?
To spoof a website or an email address means faking the identity of another user or company to make it look like it's from a legitimate source or a known sender.
Here’s how it works:
Using email software, criminals can spoof or imitate an email address or URL to trick recipients into believing that they’re corresponding with a legitimate person, be it a friend, family member, or representative of an organization.
They direct you to a website that looks authentic, but is actually just a carbon copy of the real one.
What You Should Do
If you receive any communication you find suspicious, independently contact the person or organization that sent it before taking any action. Do NOT just reply to the suspicious email to make sure it’s genuine.
Avoid giving away personal and financial information anywhere online, including email.
Do not click on unknown email links or attachments.
If you suspect a fake website is masquerading as an RBC company website, report it to phishing@rbc.com. Remember to copy the full URL (website address) into the body of the email.
Be Wary of Phone & Messaging Scams
Vishing
If you receive a call from someone claiming to be from a reputable source who wants you to share your personal and banking information, it could be a “vishing” scam, a term derived from “voice” and “phishing.” Here’s how it works:
A cyber criminal will call you and pose as a representative of a reputable company.
They will attempt to get you to reveal personal information over the phone or perform an action, such as transferring money to another account or sending your bank cards to an address they provided.
You could also receive an unexpected call about a refund or an issue with your debit or credit card. To fix the “issue,” they ask you to confirm your payment and bank account details.
What You Should Do
Never share personal or banking information over the phone.
Hang up and call the company’s official number to verify that the request is genuine.
If you accidentally share your banking information, call RBC immediately (1-800-769-2511). The number to call is also listed on the back of your debit or credit cards.
Smishing
Have you ever received a text message from a number you don’t recognize asking you to do something, like provide your private or financial information? It could be a smishing scam.
Smishing, a form of phishing, is when a cyber criminal tries to trick you into providing your personal information via SMS (Short Message Service) or a text. The name comes from combining SMS and ‘phishing’. Here’s how it works:
- Cyber criminals will send out text messages asking the recipients to call a number or click on a link.
- When you call the number or click the link, you’re asked to provide personal information, such as your credit card or bank account number.
What You Should Do
Don’t click on links sent by numbers you don’t recognize. Keep in mind that they might imitate numbers you do recognize.
Verify any request you get over text in-person or over the phone using official company numbers.
Avoid acting out of a sense of urgency or emotion. Above all, be cautious if something doesn’t seem quite right.
If the number isn’t legitimate, delete the text message from your phone.
Protect Yourself from Social Media Scams
The rapid growth in popularity of social media sites, such as Facebook, Instagram or Twitter, has created more opportunities for cyber criminals, who use messaging functions to identify and contact possible victims. One of their most popular tactics on social media is called Angler Phishing. Here’s how it works:
Criminals identify active social media users and track public conversations or messages, looking for requests for technical help.
They send messages to these active users pretending to be the help desk for a legitimate business or organization, offering technical assistance or advice.
The criminals lead their targets to a phony social media account or page, where they are asked to give out personal information or even transfer money.
What You Should Do
Be very careful when contacting companies on social media. Ensure the username you are messaging is legitimate and, when possible, use the direct message feature so that your correspondence is private.
If you have any doubts that the account you are contacting is legitimate, your best bet is to go into a branch to speak to someone in person. Or call RBC’s official phone number (1-800-769-2511 1-800-769-2511).
Be careful what you share on social media sites. Information such as your work or business email, home address, or personal details can be used by criminals to target you for fraud.
Be wary of “instant friends” on social media. On many social media sites, once you agree to “friend” someone, you are sharing all your information with them.
Check your privacy settings on each social media site to ensure that you are only sharing information that you are comfortable sharing in public.
Protect Yourself From Romance And Online Dating Scams
A romance scam is a fraudulent scheme in which a cyber criminal pretends to have romantic interest in a target.
The criminal’s goal is to establish a relationship as quickly as possible, endear themselves to the victim, gain trust, and eventually profess to have fallen in love. Ultimately, the scammer will ask for money or personal information from the victim under these false pretenses.
Romance scams often focus on older or isolated adults who may be more trusting and more vulnerable. Unfortunately, common targets are widows and widowers, but criminals will target anyone eager for a new relationship.
Here’s how it works:
- Romance scams usually involve the criminal assuming a false online identity, typically on a dating or social networking site, for the purpose of tricking their victims.
- They search social media sites, exploiting information that potential targets have posted, to gain their interest and trust.
- The criminals may claim to have an emergency need for the funds or may request money for airfare to visit their victim, but never actually come.
- Criminals will often ask for photos or personal information that could eventually be used to blackmail the victims for more money.
What You Should Do
If you suspect an online relationship is a scam, stop all contact immediately.
Call us right away, if you sent money or shared your financial information with the suspected criminal.
Gather any information relating to the situation, like the suspect’s profile name, emails, where you made contact, etc. and contact your local police.
Be vigilant with your heart and your wallet. Note the dating or social media site where you met — criminals usually have more than one account.
Watch out for Tax Scams
Taxpayers should be vigilant when they receive a suspicious communication claiming to be from the Canada Revenue Agency (CRA) or the Internal Revenue Agency (IRS) in the US, requesting personal information such as a social insurance number, credit card number, bank account number, or passport number.
These scams typically start with a phone call (vishing), an email (phishing) or a text message (SMiShing) saying you owe back taxes, or that you are getting a larger refund than expected. The criminal poses as a CRA or an IRS agent in an attempt to gather personal information or to pressure you into making a payment.
Here’s how it works:
- Criminals call you claiming that they are issuing a tax refund and need you to provide personal information to process the tax return.
- The criminals play on your emotions by creating a sense of fear, indicating that failure to comply with their money demands may lead to your deportation, a lawsuit or an arrest if you do not pay immediately.
- You will get an email or text message saying that several discrepancies have been found with the taxes you filed, which need to be updated. The email includes a link where you can update your information or an attachment, like a refund spreadsheet or form that actually contains malware or ransomware.
- Criminals will try to trick you with what appears to be an e-transfer or a direct deposit from the CRA or IRS for a tax refund to your bank account. You will be asked to click on a link to deposit this money into your account.
What You Should Do
Remember that the CRA or the IRS will never ask you for personal/confidential information over the phone, through an email or in a text message.
If you suspect you may be the victim of fraud or have been tricked into giving personal or financial information contact us right away.
Contact the Canadian Anti-Fraud Centre toll free at 1-888-495-8501 1-888-495-8501 or visit their website.
Need to Report Online Fraud?
Call Us
If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.
If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.
Report ID Fraud
If you think you are a victim of identity fraud and you are an RBC client
If you think you are a victim of identity fraud and you are an RBC client
Email/Website Fraud
If you have received a suspicious email or accessed a fraudulent RBC website
If you have received a suspicious email or accessed a fraudulent RBC website