In the last few weeks, I’ve almost been a victim of a few attempted scams. I bring this up because we do get calls from our clients asking if the forms, or emails or phone calls they receive from RBC are legitimate or not.
I fell for one such scam: I received a phone call from RBC directly to my office number. They identified themselves as working for RBC Bank, and that I had some suspicious transactions that they wanted to make sure weren’t mine. I asked for verification that it was RBC, and they gave a very polished answer, and also said “We aren’t going to be asking for anything confidential”. They then asked me to confirm that my name was Joshua Kingsmill, and that I worked for RBC. This caller even asked: can you confirm the rest of the RBC Credit card starting with “1234” (not the actual numbers).
It turns out that most RBC Credit Cards start with the same 4 numbers. It was only when I asked them if could call them back to continue the conversation, and they were evasive that I realized that I was being scammed. I hung up, called back the number that was displayed, and the number “was not available”. So I went immediately to my bank branch, had the credit card canceled, and the teller confirmed with me that this is the latest “innovation”.
Bottom line: don’t be like this guy below, and flash your card while you're having a coffee on a patio, conducting banking in a public space!
So, whether by email, phone, social media, or even actually face-to-face, it is important to know how cybercriminals attempt to access your personal and financial information. Here are some of their tactics:
- Social Engineering
Social engineering is the art of manipulating people so they give up confidential information. Cyber Criminals often use this tactic, which plays on human emotions, to trick their victims into giving them your passwords or bank information or access to your computer to secretly install malicious software.
You may be asked to reveal personal information, click on a link, or open an attachment.
They try to appeal to your emotions and create a sense of urgency. For instance, they might pose as an RBC employee and ask you to change or confirm your password by clicking on a link.
Their goal is usually to place malware, or malicious software, on your computer or mobile device. Malware is software designed to push ads to you, lock your computer unless you pay a ransom, or track your online activity.
If you receive a suspicious email from RBC, please contact Avril and me, and forward the email to phishing@rbc.com and then delete it
- Vishing
If you receive a call from someone claiming to be from a reputable source who wants you to share your personal and banking information, it could be a “vishing” scam, a term derived from “voice” and “phishing.” Here’s how it work (this is what happened to me): We wary of phone & messaging scams
- A cyber-criminal will call you and pose as a representative of a reputable company.
- They will attempt to get you to reveal personal information over the phone or perform an action, such as transferring money to another account or sending your bank cards to an address they provided.
- You could also receive an unexpected call about a refund or an issue with your debit or credit card. To fix the “issue,” they ask you to confirm your payment and bank account details.
If you accidentally share your banking information, Call RBC immediately (1-800-769-2511)
- Watch out for Tax Scams
Taxpayers should be vigilant when they receive a suspicious communication claiming to be from the Canada Revenue Agency (CRA) or the Internal Revenue Agency (IRS) in the US, requesting personal information such as a social insurance number, credit card number, bank account number, or passport number (I get these all the time!).
These scams typically start with a phone call (fishing), an email (phishing), or a text message ("SMS-shing") saying you owe back taxes, or that you are getting a larger refund than expected. The criminal poses as a CRA or an IRS agent in an attempt to gather personal information or to pressure you into making a payment.
Here’s how it works:
- Criminals call you claiming that they are issuing a tax refund and need you to provide personal information to process the tax return.
- The criminals play on your emotions by creating a sense of fear, indicating that failure to comply with their money demands may lead to your deportation, a lawsuit or an arrest if you do not pay immediately.
- You will get an email or text message saying that several discrepancies have been found with the taxes you filed, which need to be updated. The email includes a link where you can update your information or an attachment, like a refund spreadsheet or form that actually contains malware or ransomware.
- Criminals will try to trick you with what appears to be an e-transfer or a direct deposit from the CRA or IRS for a tax refund to your bank account. You will be asked to click on a link to deposit this money into your account.
The CRA will never ask you for personal/confidential information over the phone, email, or text
As I was preparing this post, I was telling Avril the subject, and we would both add, that at least in Toronto we have both had people drive up to us, roll down the window from the back seat of a car, and say something like: “excuse me, I’m stuck in the Uber/Taxi because my card won't work. Can I give you cash and you pay the Uber/Taxi for me?" We didn’t fall for it, but of course, they will take your info, and drain bank accounts.
I’ve got two cracks at this, for the French Open in Roland Garros. For the first time since 1998, neither Roger Feder nor Raphael Nadal are competing in Paris at Roland Garros, which is a reminder to me of how old I am getting! As much as it pains me, I think Novak Djokovic is going to win on the Men’s side, and Iga Swiatek will be hoisting the Suzanne-Lenglen Cup.
P.S. Told you they would solve the debt ceiling.
Have a great weekend.