
Common Schemes & Scams Online

The following are common scams used to gain access to personal and financial data.

Phishing

Phishing is a common online scam designed to trick you into disclosing your personal or financial information for the purpose of financial fraud or identity theft.


Here's how it works:


You receive an unsolicited email appearing to be from a legitimate company. A typical phishing email will give you a phoney reason, such as a security breach or contest, to trick you into providing your personal information.
The email will often include a reason that urges you to click on a link that takes you to a fake website. That fake website will look authentic by copying the brand name and logo of the real company. This phoney site will ask you for personal information such as credit card numbers, account numbers, passwords, date of birth, driver's license number, and social insurance or social security numbers. While you may think you are giving your information to a valid company, instead you are providing it to a fraudster!

Why did I receive a phishing email?


You received a phishing email simply because your email address has ended up in the hands of a fraudster.
Email addresses are easily obtained and shared on the Internet – just like phone numbers and mailing addresses. But, other than having your email address, it is unlikely the fraudster knows anything else about you – not even your name.

So, these fraudsters need to do three things to be successful:
  • Target companies with large numbers of customers...the more, the better!
  • Send thousands of phishing emails in order to reach as many of these customers as possible (many of the emails are also received by non-customers).
  • Write the email messages in such a way as to trick people into revealing their confidential information.

How to protect yourself


Phishing emails are becoming more sophisticated and can be tricky to spot. Being able to recognize phishing emails can help prevent you from becoming a victim.

Follow these tips to help you avoid falling victim to phishing scams:
  • Never provide your confidential or financial information over the Internet in response to unsolicited emails.
  • Play it safe! If you don't know the source of an email or if it looks suspicious, do not open it.
  • Ensure the address in your browser's address bar begins with "https" when entering personal information. That means your information is being secured. If the address begins with only "http" do not enter any information.
  • Also be wary of security alerts or unusual pop-up messages requiring input while you are on a website.
  • Be cautious! Even if you recognize a sender's email address, do not rely on that alone because addresses may be faked. Pay attention to the contents of the email and be careful of any embedded links.
  • Never click on a link in an email that you suspect may be fake.
  • Be sure! If you are unsure whether you are on a legitimate website, reopen your internet browser and type the company URL in the address bar yourself.
  • Before you enter confidential or financial information online, check for the lock icon on your browser. Ensure the URL in the browser address bar starts with "https."
  • Be alert! Just because an email or website appears to be from a legitimate company doesn't mean it is. Phishing schemes are designed to look real to trick users into divulging personal information for the purpose of financial fraud or identity theft.

If you are unsure whether the website is a valid RBC company site, play it safe. Do not sign in or enter any personal information. Instead, contact us.
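The link checks from the tips above (look for "https", distrust the sender line, compare where a link really goes), as an added example that is not part of the original page: a Python function that audits the links in an HTML email. The sample message, the host `rbc.com.account-verify.example` and the choice of `rbc.com` as the expected domain are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: trusted-looking From, but link text and real target disagree.
SAMPLE = """From: "RBC Security" <alerts@rbc.com>
Content-Type: text/html; charset=utf-8

<p>Confirm your details at
<a href="http://rbc.com.account-verify.example/signin">https://www.rbc.com/signin</a></p>
<p><a href="https://www.rbc.com/privacy">Privacy</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(raw_email, expected_domain):
    msg = message_from_string(raw_email)
    html = next((p.get_payload(decode=True).decode("utf-8", "replace")
                 for p in msg.walk() if p.get_content_type() == "text/html"), "")
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            findings.append((href, "not https"))
        # expected_domain is the caller's assumption; exact match or true subdomain only.
        if host != expected_domain and not host.endswith("." + expected_domain):
            findings.append((href, "host outside " + expected_domain))
        if "." in text and " " not in text:  # visible text looks like a URL
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown.lower() != host:
                findings.append((href, "text shows " + shown.lower()))
    return findings
```

The From header is never consulted, which matches the tip that a familiar sender address proves nothing; only the link targets are judged.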

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.
For phishing emails, please notify us by forwarding the suspicious email to phishing@rbc.com for analysis. Please note that phishing@rbc.com is an automated mailbox for reporting phishing and website fraud only – we are unable to provide responses from this mailbox. If you require a response, please direct your question through the phone numbers listed here. To report fake websites masquerading as RBC company websites, send an email to phishing@rbc.com with the subject "Fake RBC website." Remember to copy the full URL (website address) into the body of the email.

Skimming

Skimming is the act of obtaining information from a debit or credit card. Most of this data is obtained with a card reader device when the card is used. The PIN is often obtained separately, usually by someone who is watching or by hidden cameras or sophisticated devices that may be attached to the machine used. Once the magnetic stripe data and PIN are obtained, a counterfeit card is produced and then used.


How to protect yourself


  • Always shield the keypad when you enter your PIN at an ATM or point-of-sale terminal.
  • Do not use an ATM that you suspect may have been tampered with.
  • Keep track of your account balance and debits, and report any fraudulent or missing activity immediately.
  • Beware of unauthorized persons asking for your PIN. No law-abiding employee, police officer, financial advisor or lawyer will ever ask you for your PIN. This is strictly confidential information that provides access to the funds in your account.
  • If you are contacted and asked for your PIN, do not respond, either by phone or email. Check that all your cards are in your possession and report any loss immediately. Even if your cards are in your possession, contact the institution the caller is claiming to be from and report the incident.

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.

Fake Charities

If you receive an unsolicited call asking you to donate to a charitable cause, don't give your credit card number over the phone or agree to have someone collect a cheque in person.


How to protect yourself


Do not return the phone call until you independently verify that the phone number is legitimate.

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.

Card Switching and Shoulder Surfing

While at an ATM, be aware of anyone who tells you that you've dropped something or offers to help you enter your PIN. As you stoop to retrieve a dropped item, they may exchange your Client Card for another card. Then, working together, another person standing nearby will attempt to observe you as you enter your PIN so that both your card and your PIN are in their possession.


How to protect yourself


Never let anyone help you enter your PIN. Before you put your card back in your wallet, check the name to ensure it is your card. If it is not, report the incident immediately. Do not use an ATM that looks like it has been tampered with.

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.

Telemarketing Scams

In these scams, a supposed telemarketing firm contacts you claiming that you have won a prize or a trip, but then asks for your credit card number, or requests that you purchase a promotional item or pay the taxes on that prize or trip, in order to collect your winnings.


How to protect yourself


Be highly suspicious when receiving voicemail messages directing you to call and provide credit card or bank numbers. These types of scams are called "Vishing". Rather than provide any information, we advise you to discontinue the call and contact your bank or credit card company directly to verify the validity of the message or the prize. If you think that you may be involved in a telemarketing scam, contact the authorities.

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.

Unusual Requests That Are "Too Good to be True"

Be suspicious if you are contacted by phone, mail, email or fax and told that you've won, inherited or been included in a business venture involving large sums of money. Also be alert to another scam if you are selling personal property (e.g. a car or other goods). A fraudulent person may pose as an interested buyer, pay for the goods with a cheque that's substantially greater than the asking price, and then call you to request that you return the overpayment. In many cases, the original cheque is stolen, counterfeit or altered and is not returned to RBC until a much later date. You won't discover there is a problem with the cheque until you have returned the so-called "overpayment."


How to protect yourself


Be careful about sending any funds back by cheque or wire transfer. If you are sending a payment via wire, ensure that you are comfortable with your transaction and that you are fully aware of to whom you are sending the funds. If an individual or third party asks you to make a deposit or open an account on their behalf, ensure you are confident of their identity and the validity of their reasons for the request before you do so. Be extremely wary of this kind of request.

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.

Job Scams

Advertising of opportunities to make extra money, earn money from home or make a career move has never been greater. Unfortunately, not all employment advertisements are legitimate. Avoid a type of job scam known as a payment-forwarding or payment-transfer scam. Be wary of jobs where you are asked to accept and transfer money from one bank account to another. Often the receiving bank account will be in a different country, and you will be requested to have an account at a specific bank. You may be instructed to keep a small percentage of the money being transferred as payment. The details of this type of scam vary and can be quite clever. Fraudsters may request a job applicant's bank account information in order to set up a direct-deposit payment schedule, or they may transfer the funds themselves without the applicant's knowledge. Fraudsters may steal company names and corporate logos to make their ad or email more convincing. They may also scan for resumes that job seekers have posted online and then contact them directly.


How to protect yourself


Always ensure any potential employers and requests are legitimate. Be aware of this type of scam. If you transfer money that has been stolen or is being laundered you could be an accomplice to the crime, under the law.

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.

Advance-Fee Scams

Posing as a reputable financial institution by copying its brand and logo, fraudsters promote supposed pre-approved loans and mortgages or unusually high interest rates for investment products. Business is solicited on the strength of the reputation of the financial institution, and money is requested up front to secure the approved credit or high-return investment product.


How to protect yourself


Always ensure that the institution and offer are legitimate. If you are uncertain, call the institution to verify the offer using the institution's legitimate phone number that you have independently obtained, not the phone number printed on the suspicious offer.

If you've been a victim


If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call your local branch or client contact centre immediately.