On the heels of the Canadian Anti-Fraud Centre issuing a national alert about spear-phishing, Vancouver Island RCMP are issuing a warning.
RCMP Constable Carlie McCann explains why this type of scam is more effective than the more traditional kinds.
“Spear-phishing can be an effective type of fraud because it targets an individual rather than sending a mass message to a large number of people,” said McCann. “It relies on the scammers’ ability to make their message appear legitimate so that victims are less likely to question a request for money and more likely to provide personal banking information.”
These are elaborate scams and a VicPD release said fraudsters will invade a business or individual email account. Scammers will make a rule to send copies of incoming emails to one of their accounts.
What do they do with these emails?
- study the sender’s use of language
- look for patterns linked to important contacts, payments, and dates
According to the Canadian Anti-Fraud Centre alert, variations of spear-phishing attacks include:
- A business receives a duplicate invoice with updated payment details supposedly from an existing supplier or contractor
- An accountant or financial planner receives a large withdrawal request that looks like it’s coming from their client’s email
- Payroll receives an email claiming to be from an employee looking to update their bank account information
- Members of a church, synagogue, temple, or mosque receive a donation request by email claiming to be from their religious leader
- An email that seems to come from a trusted source asks you to download an attachment, but the attachment is a malware that infiltrates an entire network or infrastructure
- An email that seems to come from a trusted source asks you to buy gift cards
McCann said you need to look for specific warning signs.
“The Canadian Anti-Fraud Centre provides some warning signs for spear-phishing frauds,” said McCann. “They say that emails that include threats or unusual promises of reward, pressure or a sense of urgency, unsolicited outreach, requests for absolute confidentiality, and correspondence from a senior official, or others outside of your usual contacts are things you should be wary of.”
You can protect yourself by:
- Remain current on frauds targeting business and educate all employees
- Include fraud training as part of new employee onboarding
- Put in place detailed payment procedures and institute a verification step for unusual requests.
- Establish fraud identifying, managing and reporting procedures
- Avoid opening unsolicited emails or clicking on suspicious links or attachments
- Take a few seconds to hover over an email address or link and confirm that they are correct
- Restrict the amount of information shared publicly and show caution with regards to social media
- Upgrade and update technical security software
Examples of these types of scams in Victoria and Esquimalt are available on the VicPD release.
If you know someone who has fallen victim to fraud or attempted fraud, call the Canadian Anti-Fraud Centre at 1-888-495-8501 or by visiting this website.