TORONTO Change City

TORONTO'S NEWS

Saturday, March 13, 2010

New Email Scam Warning

2007/05/28 | CityNews.ca Staff

Comment  |   |  Bookmark and Share
New Email Scam Warning

STORY TOOLS

email this storyEMAIL THIS STORY
print this storyPRINT THIS STORY
SMALLER / LARGER TEXT SMALLER / LARGER TEXT
sign up for news alertsSIGN UP FOR NEWS ALERTS

It arrives in your inbox looking like something that needs your immediate attention. It appears to be from the Royal Bank, one of Canada's major financial institutions. It shows a smiling woman, an RBC logo, even the colours are prefect. But looks are the only real thing about it. The site is a scam, designed to get personal details on you from the most knowledgeable source in existence - yourself.

Why did crooks choose the Royal? "Maybe because they're the biggest bank, but we've seen them spoof all of the different banks," responds Maura Drew-Lyttle of the Canadian Bankers' Association. "Why them? I don't know."

To respond, you simply have to hit a link, enter some information and they'll take care of the rest. But what they really take care of is your money. If you receive an email like this and respond to it, you're not only out of luck but out of money. It's what's known as a "phishing scam" designed to get you to give up your PIN and your passwords. Thieves then use the information to clean out your account.

There's nothing new about the scheme, of course. Crooks have been using the Internet for years to try and figure out new ways to cheat you. The Anti-Phishing Working Group last month alone found 55,000 such phony web sites around the world.

The fake RBC one is typical. It tells you that your account needs updating - along with your passwords and personal information, and provides you with a handy link. You then get taken to a page that looks just like the real thing. The crooks have taken enormous care to make it appear to be the original - so good, it could almost fool an expert. Gone are the days of spelling mistakes and design errors.

But it's not just the Royal. Similar schemes have involved everyone from H&R Block to eBay. 

So what can you do to protect yourself? Be careful what you give out. Check for the 'lock' symbol, which indicates a secure site. And review the web address - but don't click on it - by resting your mouse on the link. See if it's the same one that you're used to. A Canadian site shouldn't be sending you to Russia or Romania. And look out for the biggest clue of all - what the mail is asking you for. "A bank would never send you an e-mail asking you for any sort of personal information or to log on and verify your personal information," Drew-Lyttle adds. "They already have that."

There are places (listed below) where you can report the emails if you get them. But your best bet is never to open them at all and hit the delete key instead.

the Royal Bank itself

See an example of the scam

Phonebusters: how to report it