Financial Consumer Agency of Canada - Agence de la consommation en matière financière du Canada

FrançaisContact UsHelpSearchCanada Site
HomeSite MapGlossaryLinksPublications
About FCAC
About the Financial Services Sector
For Consumers
Consumer Protection
Resource Centre
Making a Complaint
Consumer Alerts
Questions and Answers
ABM Fees on Cash Withdrawals
Try Our Quizzes
submenu_tab
For the Industry
Media Room


Top Line

 For Consumers

 Consumer Alerts


7/19/2006

E-mail and Telephone Fraud Warning

Consumers should be aware of a new scam known as “vishing”, short for “voice phishing”.  Vishing is a variation on the “phishing” e-mail scams that have been used by fraudsters in recent years.  

The original phishing e-mails are crafted to look like messages from major banks or other financial service providers (sample provided below). These messages generally instruct recipients to click a link in the e-mail to confirm their personal information. The link then connects them to a bogus site that mimics the service provider’s site, where consumers are prompted to provide or verify private information, such as credit card numbers or an on-line banking password, which is then used by thieves to tap into accounts.

Vishing hooks consumers using two different approaches. The e-mail based version of the scam, like the original phishing, uses e-mails that mimic messages from an online payment service provider, such as PayPal or eBay. The messages may say that there is some problem with the recipient’s account. Instead of providing a link to a fake website, vishing e-mails provide a false customer-support telephone number. When consumers call, an automated service prompts them to “log in” by providing account numbers and passwords, using the telephone keypad.

Consumers may also receive direct calls at home, or messages left on their answering machine warning that their account may be at risk and suggesting they call customer support immediately.  Fraud artists may even try to gain consumers’ trust by “confirming” personal information they have on file, such as the clients full name, address or credit card number. 

If you receive one of these messages:

1 DO NOT respond to an e- mail asking you to disclose personal information, such as an online password, your debit or credit card numbers or your personal identification number (PIN).
2 Do NOT use the phone number provided in the e-mail or in the telephone message without first verifying that it is valid. To confirm that the phone number provided is legitimate, contact your financial institution using the phone number provided on the back of your debit or credit card, your monthly statement or a published number you have looked up yourself.
3 In some cases, financial institutions may contact you by phone or leave you a voicemail message if they suspect fraudulent activity on your debit or credit card or account.  As part of a legitimate conversation with your financial institution, you may be asked questions to ensure they are speaking to their client.  You will NOT, however, be asked to verbally provide your PIN or password.  Use the procedures above to make sure that the financial institution you are speaking with is legitimate.
4 As a general rule, always be cautious about how and with whom you share personal and financial information.

Many financial institutions have publicly committed to protecting their customers in the event of fraud. FCAC oversees public commitments made by federally regulated financial institutions. If you are the victim of fraud as the result of a phishing or vishing scam and are being held liable by a federally regulated financial insitution, or for more information on your rights and responsibilities, please contact FCAC toll-free at: 1-866-461-3222.


Tip: Always verify that any e-mail you receive from a financial institution is legitimate by calling the number on your statement or bankcard and speaking to a customer representative.


Sample fraudulent e-mail:

Sample fraudulent e-mail




E-mail and Telephone Fraud Warning
"Phishing and Vishing"



Related Links

Warning Circulars
Office of the Superintendent of Financial Insitutions: As part of its contribution to the soundness of the Canadian financial system, OSFI publishes the names of entities that it believes may be of concern to the business community and the public.

Latest Scams/Fraud
Royal Canadian Mounted Police

PhoneBusters
Established in January of 1993, PhoneBusters is a national anti-fraud call centre jointly operated by the Ontario Provincial Police and the Royal Canadian Mounted Police. PhoneBusters plays a key role in educating the public about specific fraudulent telemarketing pitches.

Public Safety Portal
Public Safety The Public Safety Portal is your one-window access to government information, services and programs related to public safety and security in Canada.
FCAC/ACFC Toll-free 1.866.461.FCAC (3222) Protecting Consumers / Informing Canadians
Print IconPrintable Version

Last Modified: 2006-07-25
 Important Notices