Editor note about a new scam in Canada: recently we’ve heard reports of a scam claiming to offer a great limited time offer from Best Buy (either Best Buy Canada, Best Buy Mobile, or Geek Squad). This can be confusing for customers because many scammers have the ability to spoof their phone details so it appears to be Best Buy calling. As the article below clearly state, Best Buy would never reach out to people like this.
However, if the customer accepts the offer and replies with credit card details, they do not get what has been promised. Sometimes they get something different than was promised (like a different phone perhaps). When they reach out about the error, they are told to return the item and an even better offer is made. In all cases the customer is left without further communication and is out pocket. If you are approached with an offer from any company, including Best Buy, you should reach out to that company directly (getting their contact information from their website). If you suspect the claim is fraudulent reach out to the authorities (as discussed below).
People are shopping online more, spending more, and using their PCs and mobile devices online more. The combination is more than scammers can resist, so they are upping their efforts, with phone calls, e-mails and website malware designed to part you from your money. One recent trend has seen Canadians receiving calls from someone posing as a Geek Squad agent, claiming they owe hundreds of dollars. Another recent one is for Canadians to receive a text message telling them they won a prize from Best Buy then sending them to a website to input personal information. Needless to say, these are criminals taking advantage of the public’s recognition of Geek Squad and Best Buy in an attempt to shake them down for money. Neither Best Buy nor Geek Squad will contact customers in these ways, or ever call customers demanding money.
Here’s how to avoid falling victim to internet and phone scams.
Phone, text, and email scam tactics are getting more aggressive
Scammers are calling peoples’ home phone and smart phones (even using text messages) and they are getting increasingly aggressive.
Among the common ruses are claims of being with the Canadian Revenue Agency (CRA). Callers request personal information such as a social insurance number or credit card number in order to process a refund. A disturbing trend has been callers who use threats and stern language, claiming that their victim owes money to the government and must pay immediately or they will be arrested. Recently, there have also been reports of callers posing as Geek Squad agents and demanding payments of hundreds of dollars for computer-related issues.
In some cases the scammers are even able to spoof phone numbers so it appears as though they are calling from a legitimate number. Be skeptical!
The CRA doesn’t call and demand Canadians withdraw money immediately to pay off tax assessments (the agency suggests contacting them directly if you receive a call of this nature), and Geek Squad certainly doesn’t make calls like this either.
For more tips, be sure to read this guideline on how to identify and protect yourself from phone scammers.
Real companies and government agencies don’t demand payment in gift cards
Scammers can run into issues where banks and credit card companies stop payments on their extortion attempts if the victim catches on quickly enough. So some have turned to demanding payment via gift cards or crypto currency instead. That in itself is a huge warning sign that you are dealing with a scammer: no retailer, support company, or government agency is going to call you up and ask you to pay a fee using gift cards or Bitcoin.
Tech support won’t call you out of the blue
If you get a call from a someone claiming to be from technical support—Apple, Microsoft, Geek Squad, your cellular provider, or whatever—this is almost undoubtedly a scammer. Unless you previously placed a call looking for help and followup was promised, you are not going to get a call out of the blue from any tech support staff. These companies do not randomly need remote access to your computer to scan it for viruses, and they do not need to check to see if it needs a system upgrade, so don’t give them access. Admittedly, the scammers can be convincing, often leading with questions that ring of truth. For example, they might ask if you’ve noticed a recent slowdown in your internet performance—don’t fall for it.
If you think for some reason that the call might be legitimate, hang up, then call the company back at its official phone number listed on their website and ask if there is an open ticket for your name. Odds are high they’ll have no idea what you are talking about because the call you received was from a scammer trying to gain access to your computer—and your personal info.
Another recent tactic used by scammers is a con that takes advantage of several trends: celebrity smartphone hacking and a general distrust of smart or connected devices. The ruse usually goes along the lines of the scammer claiming to have hacked a computer webcam to record compromising video of the victim. Perhaps instead, they claim to have access to records showing visits to questionable websites. The victim is told to make a payment (often in Bitcoin) immediately or the embarrassing info will be released to the public, or to their family.
In the vast majority of cases, the claims are false. Without compromising a computer via malware, gaining access to its webcam or browsing history is rare. If you are concerned, make sure your devices are protected with security software, and consider a webcam cover that physically blocks the lens when not in use.
Protect yourself and your family from phishing
Phishing is one of the biggest security issues, and the criminals running these schemes are getting more sophisticated. Phishing is an attempt to trick you into revealing confidential information, to download malware, or to visit a website where your computer will be attacked.
To protect yourself and your family from phishing attacks, there are several key strategies to follow. The first is to take a deep breath and take your time. One of the primary methods used is to give a sense of urgency. Your account is about to be shut down! That is designed to trick you into acting quickly, without thinking. However, if there is something truly urgent, your bank, ISP or the CRA are not going to send you an e-mail directing you to take immediate action.
Make sure that you don’t act right away on any e-mail and make sure your family members know not to do so.
Once that moment of panic passes, a close examination of the e-mail will almost always reveal hints of its sinister purpose. For example, the sender is often a clearly unofficial account. The e-mail will address you in a general term, such as “dear customer.” There are often typos (although they have been improving on this front). There is always a link to click or an attachment to download.
Don’t do it.
If you have any concern the e-mail might be legitimate, call the company or agency who supposedly sent it.
The example below is supposed to be from Apple, and it could pass for legit if you just glanced at it. You can see the signs that this is a phishing attempt, including the sense of urgency, the awkward wording, the sketchy sender e-mail address and the link to click.
- It was in my SPAM folder. Your e-mail client’s SPAM filtering capabilities are far from perfect, but they are a first line of defense. Finding this seemingly important e-mail in my SPAM folder is an immediate red flag to use caution.
- The subject is “important message” which is pushing the fear button. A legitimate e-mail from Apple Support will have an actual, specific issue in that subject, such as “Your Apple ID was used to sign into iCloud via a new computer.”
- The e-mail is addressed to “Recipients” instead of to the e-mail address registered to my Apple account. This is a big clue that this is a mass mailing, not something sent specifically to me.
- The sender is identified as “Apple Support” but look at their e-mail address. This is probably the single biggest giveaway. Do you suppose Apple is sending official e-mails using the account email@example.com?
- The greeting starts with “Dear Customer” instead of my name. Apple includes customer names to add a personal touch, but also to show it’s not a phishing e-mail.
- The text has no spelling errors, but the e-mail is rambling, lacks punctuation and repeatedly uses the word “Apple” in an attempt to sound more official.
- The final big giveaway—and the point of this entire phishing e-mail—is the instruction to click on a link to “restore the account.” Blindly click that link and the trouble begins. Apple will sometimes send legitimate e-mails with instructions to go to a website; however, Apple will spell the link out so you can see exactly where you’re being directed. The last such e-mail I received from them directed me to go to https://appleid.apple.com, a destination that is clearly going to Apple’s domain.
This example of a phishing e-mail is disguised to look as though it came from Apple, but there are many variations on the theme. You’ll likely receive similar e-mails allegedly sent by other companies, your ISP, your bank, and government agencies. Use extreme caution to avoid being scammed.
Check out the example below that’s purported to be from Rogers, my ISP. The same telltale clues are there. In this case they also made the mistake of referring to Rogers as a “financial institution,” which is sloppy. And where does that “switch now” link lead?
Don’t ever click the link, but I did copy it and paste it in a document so you can see what they were hiding.
That is most definitely not a legitimate Rogers web page. I can only imagine what malware is awaiting those unfortunate enough to click the link …
Be prepared for text message scams and other new tactics
Scammers are constantly changing their tactics. As people become more aware of the risks of email phishing, criminals change their approach. Recent developments include sending fraudulent text messages; for example, you might receive a text message claiming there is a billing problem with your Netflix account or other service, asking you to click on a link to fix the problem immediately or else the service will discontinue. Obviously, the goal is to get some personal information from you, especially payment information. Don’t be fooled!
The key to staying safe is to watch for the warning flags (the sense of urgency will almost always be there), and use scepticism. Don’t click a link that a stranger sends to you; google the actual service to get the real e-mail or customer support phone number.
Resources are available to help
The common factor in almost all of these scams is fear. Fear of consequences, fear of losing money, fear of embarrassment, and—rather ironically—fear of being the victim of a scam. To the point where the victim is so worried that they will either give someone remote access to their computer in order to “secure” it, or pay them money outright for fear they are going to be investigated, audited or even arrested.
You should be cautious whenever an agency reaches out to you for personal information or a payment of any kind. If you’re suspicious of a phone call, ordinary mail, or e-mail, take some time to think it through. You can find the customer service contact information of any agency or business using the internet. Also, you can check with the Canadian Anti-Fraud Centre, an excellent resource from the government of Canada. If you’re worried your computer may have been hacked or infected, scan it with anti-virus software, or bring it to Geek Squad (at Best Buy locations across Canada) for an examination.
Above all, stay informed, be wary, protect your devices, and don’t panic. When you act calmly and without panic, the scammers almost always lose—and you stay safe!