Cybersecurity: Email scams

Look out for email scams

Social engineering

Social engineering is the art of manipulating people so they release confidential information. Cyber criminals often use this tactic, which plays on human emotions, to trick you into giving them your passwords, financial information or access to your computer to secretly install malicious software.

  • You may be asked to reveal personal information, click on a link, or open an attachment.
  • They try to appeal to your emotions and create a sense of urgency. For instance, they might pose as an RBC Wealth Management employee and ask you to change or confirm your password by clicking on a link.
  • Their goal is usually to place malware, or malicious software, on your computer or mobile device. Malware is software designed to push ads to you, lock your computer unless you pay a ransom or track your online activity.

Here are some different types of social engineering scams:

Phishing

Phishing is one of the most common scams used by cyber criminals. They send you a phony email offer (telling you that you’ve won a vacation or a lottery, for example) hoping that you’ll take the bait and give them the information they’re seeking, usually your private information or your financial data.

Here’s how it works:

  • You’ll be asked to download a file or open an attachment—typically, this will be malicious software masquerading as a harmless file or program.
  • This software helps cyber criminals gain access to your personal and financial information.

What you should do

  • The best way to protect yourself from phishing scams is to stop and think—is this too good to be true? If it is, don’t take the bait.
  • When you receive an “urgent” request, always verify in person or over the phone that the person contacting you is who they say they are.
  • If you receive a suspicious email from RBC Wealth Management, forward it to phishing@rbc.com and then delete it right away.

Other forms of phishing

Criminals will use any means at their disposal to try to get access to your information, not only email. Phishing scams can also come in the form of text messages to your mobile phone or tablet, or as messages through social media sites, or even telephone calls.

They will also tailor their phishing attacks to target a specific individual, based on information they may have already gained (for example, through social media). This practice is known as spear phishing, and could resemble an email coming from a friend you have on social media, recommending you check out a store that caters to a hobby you and that friend share. The link to the store would contain malicious software.

Fake websites

Have you ever received an email or text message from a seemingly familiar source asking you to update your profile or change your password due to some unforeseen circumstance?

To spoof a website or an email address means faking the identity of another user or company to make it look like it’s from a legitimate source or a known sender.

Here’s how it works:

  • Using email software, criminals can spoof or imitate an email address or URL to trick recipients into believing that they’re corresponding with a legitimate person, be it a friend, family member or representative of an organization.
  • They direct you to a website that looks authentic, but is actually just a carbon copy of the real one.

What you should do

  • If you receive any communication you find suspicious, independently contact the person or organization that sent it before taking any action. Do NOT just reply to the suspicious email to make sure it’s genuine.
  • Avoid giving away personal financial information anywhere online, including email.
  • Do not click on unknown email links or attachments.
  • If you suspect a fake website is masquerading as an RBC Wealth Management website, report it to phishing@rbc.com. Remember to copy the full URL (website address) into the body of the email.