Skip to main content

Select a Category:

Look out for Email Scams

Social Engineering

Social engineering is the art of manipulating people so they give up confidential information. Cyber Criminals often use this tactic, which plays on human emotions, to trick their victims into giving them your passwords or bank information or access to your computer to secretly install malicious software.

  • You may be asked to reveal personal information, click on a link, or open an attachment.

  • They try to appeal to your emotions and create a sense of urgency. For instance, they might pose as an RBC employee and ask you to change or confirm your password by clicking on a link.

  • Their goal is usually to place malware, or malicious software, on your computer or mobile device. Malware is software designed to push ads to you, lock your computer unless you pay a ransom, or track your online activity.

Here are some different types of social engineering scams:


Phishing is one of the most common scams used by cyber criminals. They send you a phony email offer (telling you that you’ve won a vacation or a lottery, for example) hoping that you’ll take the bait and give them the information they’re seeking, usually your private information or your financial data.

Here’s how it works:

  • You’ll be asked to download a file or open an attachment – typically, this will be malicious software masquerading as a harmless file or program.

  • This software helps cyber criminals gain access to your personal and financial information.

What You Should Do

Other Forms of Phishing

Criminals will use any means at their disposal to try to get access to your information, not only email. Phishing scams can also come in the form of text messages to your mobile phone or tablet, or as messages through social media sites, or even telephone calls.

They will also tailor their phishing attacks to appeal to small groups of people (such as human resources professionals, or people sharing a hobby or interest) or even individuals, a practice known as Spear Phishing.

Fake Websites

Have you have ever received an email or text message from a seemingly familiar source asking you to update your profile or change your password due to some unforeseen circumstance?

To spoof a website or an email address means faking the identity of another user or company to make it look like it's from a legitimate source or a known sender.

Here’s how it works:

  • Using email software, criminals can spoof or imitate an email address or URL to trick recipients into believing that they’re corresponding with a legitimate person, be it a friend, family member, or representative of an organization.

  • They direct you to a website that looks authentic, but is actually just a carbon copy of the real one.

What You Should Do

Be Wary of Phone & Messaging Scams


If you receive a call from someone claiming to be from a reputable source who wants you to share your personal and banking information, it could be a “vishing” scam, a term derived from “voice” and “phishing.” Here’s how it works:

  • A cyber criminal will call you and pose as a representative of a reputable company.

  • They will attempt to get you to reveal personal information over the phone or perform an action, such as transferring money to another account or sending your bank cards to an address they provided.

  • You could also receive an unexpected call about a refund or an issue with your debit or credit card. To fix the “issue,” they ask you to confirm your payment and bank account details.

What You Should Do


Have you ever received a text message from a number you don’t recognize asking you to do something, like provide your private or financial information? It could be a smishing scam.

Smishing, a form of phishing, is when a cyber criminal tries to trick you into providing your personal information via SMS (Short Message Service) or a text. The name comes from combining SMS and ‘phishing’. Here’s how it works:

  • Cyber criminals will send out text messages asking the recipients to call a number or click on a link.
  • When you call the number or click the link, you’re asked to provide personal information, such as your credit card or bank account number.

What You Should Do

Protect Yourself from Social Media Scams

The rapid growth in popularity of social media sites, such as Facebook, Instagram or Twitter, has created more opportunities for cyber criminals, who use messaging functions to identify and contact possible victims. One of their most popular tactics on social media is called Angler Phishing. Here’s how it works:

  • Criminals identify active social media users and track public conversations or messages, looking for requests for technical help.

  • They send messages to these active users pretending to be the help desk for a legitimate business or organization, offering technical assistance or advice.

  • The criminals lead their targets to a phony social media account or page, where they are asked to give out personal information or even transfer money.

What You Should Do

Protect Yourself From Romance And Online Dating Scams

A romance scam is a fraudulent scheme in which a cyber criminal pretends to have romantic interest in a target.

The criminal’s goal is to establish a relationship as quickly as possible, endear themselves to the victim, gain trust, and eventually profess to have fallen in love. Ultimately, the scammer will ask for money or personal information from the victim under these false pretenses.

Romance scams often focus on older or isolated adults who may be more trusting and more vulnerable. Unfortunately, common targets are widows and widowers, but criminals will target anyone eager for a new relationship.

Here’s how it works:

  • Romance scams usually involve the criminal assuming a false online identity, typically on a dating or social networking site, for the purpose of tricking their victims.
  • They search social media sites, exploiting information that potential targets have posted, to gain their interest and trust.
  • The criminals may claim to have an emergency need for the funds or may request money for airfare to visit their victim, but never actually come.
  • Criminals will often ask for photos or personal information that could eventually be used to blackmail the victims for more money.

What You Should Do

Watch out for Tax Scams

Taxpayers should be vigilant when they receive a suspicious communication claiming to be from the Canada Revenue Agency (CRA) or the Internal Revenue Agency (IRS) in the US, requesting personal information such as a social insurance number, credit card number, bank account number, or passport number.

These scams typically start with a phone call (vishing), an email (phishing) or a text message (SMiShing) saying you owe back taxes, or that you are getting a larger refund than expected. The criminal poses as a CRA or an IRS agent in an attempt to gather personal information or to pressure you into making a payment.

Here’s how it works:

  • Criminals call you claiming that they are issuing a tax refund and need you to provide personal information to process the tax return.
  • The criminals play on your emotions by creating a sense of fear, indicating that failure to comply with their money demands may lead to your deportation, a lawsuit or an arrest if you do not pay immediately.
  • You will get an email or text message saying that several discrepancies have been found with the taxes you filed, which need to be updated. The email includes a link where you can update your information or an attachment, like a refund spreadsheet or form that actually contains malware or ransomware.
  • Criminals will try to trick you with what appears to be an e-transfer or a direct deposit from the CRA or IRS for a tax refund to your bank account. You will be asked to click on a link to deposit this money into your account.

What You Should Do

Need to Report Online Fraud?

Phone Icon

Call Us

If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.

If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.

Learn more

Report Icon

Report ID Fraud

If you think you are a victim of identity fraud and you are an RBC client

If you think you are a victim of identity fraud and you are an RBC client

Learn more

Email Icon

Email/Website Fraud

If you have received a suspicious email or accessed a fraudulent RBC website

If you have received a suspicious email or accessed a fraudulent RBC website

Learn more