Spoofed emails are becoming more sophisticated and the public should be aware of the tricks crooks use to try to separate you from your money, the Ontario Provincial Police warns.
The police service issued in the warning in light of March being Fraud Prevention Month in Ontario.
"Cybercriminals use spoofed emails, fake websites and malware links, which are malicious links designed to install harmful software, to steal personal information, compromise business accounts and redirect payments," the OPP states in a news release. "These tactics are becoming increasingly sophisticated, making fraud awareness and prevention critical."
Police said fraudulent emails and fake websites "are designed to look legitimate" and will closely mimic the look used by financial institutions, government agencies and familiar businesses, including copied logos, branding and professional formatting to appear authentic.
How to spot a spoofed email:
- Check the email address or domain name to ensure it's correct. Criminals can slightly altered these to fool you. (e.g. "opp.com" instead of "opp.ca")
- Take a close look at the text of links, email addresses and domain names. Criminals use lookalike characters to make fake names look legitimate (e.g. replacing the lowercase letter "a" with the Cyrillic letter "α")
- Be very wary of urgent or unexpected requests for payment or sensitive information
Cybercriminals also try to separate you from your money using ransomware attacks, which is a type of malware (another term for software that does damage) that encrypts files or locks up computer systems, forcing the person to pay a ransom (hence to name) to the crooks in order to get access to their computer again.
"These attacks often begin with phishing or spear-phishing emails, which use deceptive messages and infected attachments or links to steal information or gain unauthorized access," OPP said. "Once activated, the malware spreads through the system and may remain undetected before locking critical files."
How do you pick up malware? One way is by visiting unsafe or compromised websites (your computer will often give you a warning about an unsafe website; and it's usually best to heed the warning. Plugging infected USB drives or external devices into your computer can also introduce malware, as can using the internet without have security in place on your computer.
Other tips for avoiding ransomware attacks:
- Do not click on links, reply to messages or call numbers from unknown senders.
- Report suspicious texts by forwarding them to 7726 (SPAM).
- Delete all suspicious messages immediately.
- Keep your smartphone secure by updating your operating system and security software.
- Use multi-factor authentication for banking, social media and other sensitive accounts.
- Verify any unexpected text messages by checking official websites or contacting organizations directly.
- If you are a victim of smishing frauds, ensure to review the CAFC guide on What to do if you're a victim of fraud.
For more information on fraud prevention, visit opp.ca and sfo.opp.ca.
If you suspect fraudulent activity or have been a victim of fraud, report it immediately to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501 or online via the Fraud Reporting System.
