Phishing is a fraud technique used to steal a person’s personal information or money. Fraudsters send e-mails or text messages while pretending to be a well-known, trusted entity, like a financial institution or government.

What to know about phishing

Some phishing attempts can be so convincing they can easily pass for real messages. Scammers use the style and tone of reputable institutions to put you off your guard.

Here is a typical example of a fraudulent message:

XYZ Bank

Dear member,

The last time you logged in to XYZ’s on-line services, our system detected a user error. This may have happened because:

  • You forgot to log out or close your Internet browser after your session;
  • You did not log out of your on-line services session correctly;
  • You closed your browser before completing your transaction; or
  • Your browser no longer meets the minimum requirements.

Although this error has not compromised the security of your account, you still need to reactivate access by following these instructions: Click here

This type of message is intended to create a sense of urgency and to appear credible. Fraudsters may also use other pretexts, such as:

  • “The company has been a victim of fraud.”
  • “Suspicious transactions have been detected in your account.”
  • “New regulations require us to update your personal information.”
  • “We need to verify your identity following a fraud attempt.”

When you click on the link and enter your information, you may be redirected to a fake site that looks exactly like your institution’s website. The sole purpose of this website is to collect your data, which may then be used to:

  • empty your bank account
  • steal your identity
  • commit other types of fraud in your name

Sometimes the e-mail will contain an attachment. If you open it, you may unknowingly download malicious software (malware) that will allow the fraudsters to access your personal information or control your device.

Whatever method the fraudsters use, once they have access to your data, they can cause you problems for many years.

Red flags

Here are some signs that a message may be fraudulent:

  • It comes from a financial institution or organization you have never done business with before.
  • You’re pressured to respond quickly.
  • You’re asked to click on a link or open an attachment.
  • The message asks for personal or banking information.
  • The tone of the message puts you in a state of urgency or emergency.

Tips and tricks to avoid this type of fraud

  • Never click on a link appearing in an unsolicited message without first carrying out the necessary checks, especially if the message asks you for personal or banking information.
  • Do not download any attachments from unexpected e-mails or text messages.
  • If you receive a message that appears to come from an institution you know, type the full website address into your browser rather than clicking on the link.
  • Contact the institution or organization directly, using the contact information on its website, to verify the legitimacy of the message or to inform it that fraudsters are using its identity.
  • Remain calm and be wary of messages that threaten serious consequences if you don’t respond immediately.

What to do in the event of fraud

Anyone can be a victim of fraud, so don’t beat yourself up. Fraudsters are clever and know how to deceive even the most vigilant among us.

Refer to the “You’re a victim of fraud?” page to find out what to do, and contact the AMF if the fraud involves purported investments.

You should also break off all communications with the individual or individuals involved and stop sending information or money.

Be careful: Fraudsters often target their victims more than once. They may contact you claiming to be a lawyer, financial institution or firm specializing in financial fraud cases and offer to recover the money you lost.