March 2nd, 2016
What's the issue?
On March 1st 2016, the Bank of Canada acknowledged the circulation of fake emails claiming to be from the bank, with the purpose of stealing money and/or financial information from the recipients. The bank is cautioning Canadians that cybercriminals are fabricating emails using the bank's name, logos and letterhead to appear as if it is coming from the Bank of Canada, as a scam to trick people to comply with their fraudulent requests.
How are cybercriminals using this scam?
The Bank of Canada has not specified how exactly the cybercriminals are using the fake email to con people. However, like any other phishing scam the cybercriminals intention is to create an authentic looking email from a recognizable organization with an urgent or threatening message to elicit a quick reaction from the target. Often this quick reaction is a trap door inviting the cybercriminals into your computer, your private information, and even your bank account.
What does this mean to me?
The Bank of Canada wants to remind the public of their policy, and any Internet-based communication that goes against their policy can be assumed as fraudulent.
The Bank of Canada is Canada's central bank:
- It does not accept deposits from or on behalf of individuals.
- It does not collect personal or financial information from individuals through email.
- It does not request personal or financial information through social media messaging applications.
The Bank's employees and officers do not:
- request personal or financial information through email or social media messaging applications.
- participate in any Internet-based communications that request information or payment for services.
What should I do?
If you have concerns about any Internet-based communications from The Bank of Canada, they have advised to take these steps:
With any email communications, remember to:
- Be vigilant with your email communications, make sure you are communicating with a familiar or real email account.
- Before clicking on any links, verify that the URL address is real.
- Do not open any email attachments you are not expecting.