**** Anti-Fraud Centre Release

Fraud Alert!

Spear phishing is one of the most common and most dangerous attack methods currently used to conduct fraud, usually on businesses and organizations. Fraudsters take their time to collect information on their intended targets, so they can send convincing emails seemingly from a trusted source.

Warning signs

• unsolicited emails
• direct contact from a senior official you are not normally in contact with
• requests for absolute confidentiality
• pressure or a sense of urgency
• unusual requests that do not follow internal procedures
• threats or unusual promises of reward

Spear phishing scams involve scammers pretending to be from legitimate sources to convince businesses or individuals to send them money. These scams leverage existing relationships between the person receiving the email and the person sending it. The sender’s address appears to be the actual email address of the source they’re pretending to be, a tactic known as spoofing. Many variations have been reported to us.

Business executive spoofs

Gift card variation

When targeting a business, a scammer sends an employee an email that appears to come from the owner, the president or another high-ranking employee. The email claims the boss is working offsite and needs help to buy gift cards for employee rewards or birthday gifts.

When targeting an individual, a scammer sends an email from a compromised and/or spoofed email account that appears to come from a known contact, such as a family member or friend. The email claims that the sender needs assistance to buy gift cards for birthday gifts or something else.

Wire transfer variation

In this variation, the email directs the employee to send an urgent, large wire transfer (e.g., more than $100,000) to a foreign account.

Financial industry client spoof

A scammer targets financial institutions, investment brokers and financial dealers with a spoofed email that appears to come from an existing client. The email directs the business to do an urgent wire transfer, usually to a foreign account.

Head office spoof

A scammer calls a franchise business and claims be from the head office. They tell the employee who answers the phone that there are problems with one of the financial products offered, such as gift cards or money transfer services. They ask the employee to select some prepaid cards, activate them, and provide them to the scammer. The scammer may also ask them to conduct a series of money transfers.

Payroll spoof

A scammer sends an email that appears to come from an existing employee. They request a change to the employee’s direct deposit information. This tricks the company into depositing the employee’s paycheque into a fraudulent account.

Supplier/contractor swindle

A scammer targets businesses that have an existing relationship with a supplier, wholesaler or contractors. They send a spoofed email informing the business of a change in payment details. The email provides new banking information. It requests that the business make future payments to this “new” account.

Report fraud and cybercrime

Scams and cybercrimes can touch anyone, anywhere, at any time.

If you or a family member have been affected, report it to us — even if you didn’t lose any money.

If you or a family member did lose money, please contact your local police as well.

Reporting to the Canadian Anti-Fraud Centre

Online – Reporting System

You can log into the Reporting System tool using either:

• GC Key (user ID/password)
• Government Sign-In by Verified.Me

Learn more about the secure sign-in methods.

Tips for reporting online

The system will log you out if there is no activity for 20 consecutive minutes. If this happens, you won’t be able to complete your report. You’ll need to start over or call our toll-free line to report (1-888-495-8501).

By phone

Toll free: 1-888-495-8501

We answer calls Monday to Friday, from 9 am to 4:45 pm (Eastern time) and close on holidays.