If Youve Been Scammed
If you think you may be a victim of a fraud or scam, there are some key steps you should take immediately to reduce your risk of losing more money, protect your personal information and avoid being scammed again.
- stop all communication with the fraudster or scammer
- report the scam or fraud to your local police, the Canadian Anti-Fraud Centre and any regulatory bodies
- notify financial institutions and other companies where you have an account that may have been affected
- avoid making any major financial decisions until you feel youve taken action to secure your accounts
- put an alert on your credit report by contacting a consumer reporting agency, such as Equifax Canada or TransUnion Canada
- gather all records you have of the fraud or scam, such as:
- correspondence with the scammer
- financial statements
- contact information the scammer used to contact you
- websites and social media accounts used for the scam
- any papers, marketing material or ads used for the scam
What To Do If Youve Encountered Email Fraud
- If someone has gained unauthorized access to your email account, update your password and your security questions.
- If you accidentally fill out personal information in a link from a phishing scam, change your online banking password and contact your bank right away.
- If you think a notification is a scam masquerading as an Interac e-Transfer, your first instinct might be to delete the message, but well appreciate it if you dont! Kindly forward the email to so our fraud team can further investigate and work to shut it down.
How To Report Phishing Emails
It can be challenging to know the first step to take when you have fallen victim to a scam email. Whether theyre malicious messages or phishing scams, well show you below how to deal with them.
The most crucial first response is to report the scam to the proper authorities or department. You may think turning to the local police is the best solution, but there may not be much that your local department can do to help. How can you report phishing emails?
Related Article: How To Know If Your Email has Been Compromised
One such resource is the Crime Complain Center. If the scam website that targeted you deals with unfair business practices or deceptive marketing , you can send your report to the Federal Trade Commission . You can file a complaint online HERE. You can contact them at 1-877-FTC-HELP, or via regular mail at Federal Trade Commission, CRC-240, Washington, D.C. 20580. Finally, if you suspect that the scam website is based in another country other than the USA, you can check out Econsumer.gov.
The FTC oversees and regulates online scams such as scam emails, computer support scams, and scam websites. They are an excellent resource for anyone dealing with a scam situation. They also investigate other non-tech scams such as check fraud, wire and gift card fraud, student loan scams, and scams based around lotteries, sweepstakes, and other prize situations.
Don’t Miss: What Does Cc Mean When Your Sending An Email
Help I Think I’ve Been Phished What Do I Do
If you believe you’ve been scammed, file your complaint with the FTC, and then visit the FTC’s Identity Theft website at ftc.gov/idtheft. Victims of phishing can become victims of identity theft.
Follow the guide below for specific steps to take according to the type of information you shared:
I accidentally sent…my email/username & password/passphrase.
Phishing And Suspicious Behaviour
A phishing email is an email that appears legitimate but is actually an attempt to get your personal information or steal your money. Here are some ways to deal with phishing and spoofing scams in Outlook.com.
Spoof Intelligence from Microsoft 365 Advanced Threat Protection and Exchange Online Protection help prevent phishing messages from reaching your Outlook inbox. Outlook verifies that the sender is who they say they are and marks malicious messages as junk email. If the message is suspicious but isn’t deemed malicious, the sender will be marked as unverified to notify the receiver that the sender may not be who they appear to be.
Also Check: Find All Email Accounts
Scams Are Especially Common On The Internet Where New Technologies And Anonymity Can Help Fool You Here Are A Few Examples Of Online Scams And How To Stay Safe Online
Educate yourself on these common warning signs that can help prevent you from falling victim to scam websites.
Your web browser warns you
Most web browsers have built-in features designed to alert you about dangerous or deceptive websites. If you receive one of these warnings, do not visit the site. However, just because a website does not generate a warning, does not mean it is legitimate. Scammers are constantly creating fake websites and it takes time for the browsers to detect them.
Unusual URL Structure
The URL is the address of the website, found at the top of your web browser, for example, . Carefully examine the URL of the website you are visiting. Look for subtle misspellings .
Also, watch for URLs that begin with the website you expect, but have extra characters at the end or unusual punctuation .
If there are any characters or words that look out of place in an otherwise normal URL, you may be on a phishing site built to look just like a trusted website. Read carefully.
No Business Contact Information is Listed
Reputable businesses provide legitimate contact information. If a website does not list an address or phone number, be wary of providing personal information.
Beware Of Messages That Sound Urgent Or Too Good To Be True
Scammers use emotion to try to get you to act without thinking.
Beware of urgent-sounding messages
For example, beware of urgent-sounding messages that appear to come from:
- People you trust, like a friend, family member, or person from work. Scammers often use social media and publicly available information to make their messages more realistic and convincing. To find out if the message is authentic, contact your friend, family member, or colleague directly. Use the contact info you normally use to communicate with them.
Tip: Beware of scams related to COVID-19, which are increasingly common. Learn more about tips to avoid COVID-19 scams.
Beware of messages that seem too good to be true
Beware of messages or requests that seem too good to be true. For example, dont be scammed by:
- Get rich quick scams. Never send money or personal information to strangers.
- Romance scams. Never send money or personal info to someone you met online.
- Prize winner scams. Never send money or personal info to someone who claims you won a prize or sweepstakes.
Also Check: My Email Is Not Updating
If You’re Prompted To Download Software
Use extreme caution if you download content from the internet. Some downloads found on the internet may not contain the software they claim to, or may contain software that you didn’t expect or want. This includes apps that ask to install configuration profiles that can then control your device. If installed, unknown or unwanted software may become intrusive and annoying and could even damage your Mac and steal your data.
To avoid unwanted, fake, or malicious software, install software from the App Store or get it directly from the developer’s website. Learn how to safely open software on your Mac or remove unwanted configuration profiles from your iPhone, iPad, or iPod touch.
1. To report an SMS text message, take a screenshot of the message and send it via email. If you forward a message from Mail on your Mac, include the header information by selecting the message and choosing Forward As Attachment from the Message menu.
2. To confirm the destination of a link on your Mac, hover your pointer over the link to see the URL. If you can’t see the URL in the status bar in Safari, choose View > Show Status Bar. On your iOS device, you can touch and hold the link.
Report Scam Emails Within Your Organization
While its true that its your IT teams responsibility to implement phishing and spam prevention methods, the fact is that some scam emails and other suspicious messages are still going to make their way into your inbox.
Remember those Smokey the Bear only you can prevent forest fires advertisements? The same concept applies here. As an employee, its also your responsibility to report scam emails to your organizations IT team as well when you come across them.
Frankly, this should be something thats covered in your organizations employee cyber awareness training. But if its not, reach out to your IT team or admin to find out what your organizations process is for reporting spam, suspicious emails and scams.
The types of information to inquire about include:
- Finding out which email address to send suspected emails to,
- What information regarding the emails you should include, and
- What you should do if you clicked on a link or otherwise engaged with a suspicious email.
Security doesnt operate in a bubble it requires everyone to take steps that help strengthen your organizations cyber defenses.
An Example of Reporting Scam Emails and Phishing Incidents to Your IT Admin
Here at The SSL Store, for example, we have a process outlined that we follow whenever we receive a phishing email. Theres a dedicated email account where we can send information about the email, including:
Read Also: How To Make An Email Name
What To Do With Suspicious Emails: Report And Delete Them
If you receive an email from someone you dont know, a good rule of thumb is to avoid trouble altogether by not engaging with the messages in the first place. However, accidents happen, and everyone makes mistakes. If you do open a message, you should at least avoid taking any of the following additional steps:
- Opening unsolicited attachments , and
- Sending requested information or files.
Instead, what you should do is report unsolicited outreach messages. Of course, understanding how to report scam emails differs based on your location, situation, and other factors.
In the next few sections, well explore several of the ways that you can report emails both inside and outside your organization.
How To Tell If An Email Is A Scam In The First Place
Now that you know what to do when you receive a suspicious email and where to report it, this may leave you wondering how to tell if an email is legitimate in the first place. While we arent going to do a deep dive into that topic here, well quickly cover a few key signs that can indicate whether an email youve received is a potential phishing scam:
- Senders name and email address dont match
- Senders email information doesnt match the organization or entity it claims to come from
- Email contains links to other websites that dont match the anchor text
- Email contains unsolicited attachments that may contain malware
- Message is written in a way that feels urgent, pushy, desperate, or threatening
- Message is trying to coerce, trick, or manipulate you into doing something you shouldnt
Check out these phishing email examples for a look at real-world phishing examples that weve received at The SSL Store. Furthermore, here are some great additional resources that youll likely find useful:
Recommended Reading: Overusing The Cc Function When Sending Email
Report Emails To Your Email Service Provider
Another step you can take is to report scam emails to email service providers as well. This is a pretty easy process because virtually all email providers and clients typically integrate a reporting tool into their platforms.
For example, in Gmail, youll open the email in question and select the three-dot menu next to the Reply button. There, you can select the Report Phishing option. Otherwise, if youre in your inbox and dont want to open the email, you can instead right-click on the message and press Report Spam.
For Outlook, you can right-click on a message in your inbox or navigate to the Message > Block Sender menu tab as shown below. There, you should see the Junk Email Reporting option:
If you dont see it, you first may need to install the Microsoft Junk Email Reporting Add-in or, at the very least, make sure its enabled. Check out this article from Microsoft to learn more about this junk email reporting add-in.
Important Sites That Will Help Protect You
If you want to take the first step in reporting scam emails, Econsumer.gov is a good place to start. Their database is made of reports from around the world, submitted by scam victims just like you. If youve had to deal with scam emails, you can submit your information and help develop the database to track scam email perpetrators. Law enforcement officials from countries worldwide can use this database to understand the patterns behind scam emails. Helping out this effort is one of the best ways we can reduce scam emails on the net.
You can also help track scam emails with the Better Business Bureaus Scam Tracker. The form is exhaustive in detail, and by filling it out, you will help build a database of scam emails. This will help develop understandings of their patterns and methods and even help put email scammers behind bars. If you want to be a part of the database, follow the link above, and fill out the information.
With these quality resources in hand, you should be ready to respond to any scam email situation you find yourself in. By making your first response a detailed and prompt report, you can help protect yourself and others in the future. It is the best way to put a stop to scam emails.
You May Like: Creating A Html Email
How To Protect Yourself From Phishing
Phishing emails have been used by cybercriminals to steal financial details from Australians for a number of years but have become increasingly sophisticated since then.
Brands that are commonly copied include:
- state and territory police or law enforcement
- utilities such as power and gas
- postal services
- telecommunication services
- government departments and service providers such as the Australian Taxation Office, Centrelink, Medicare and myGov.
It used to be easy to recognise and ignore a phishing email because it was badly written or contained spelling errors, but current phishing messages appear more genuine. It can be very difficult to distinguish these malicious messages from genuine communications.
Because of phishing, it is now standard policy for many companies that they will not call, email or SMS you to:
- ask for your user name, PIN, password or secret/security questions and answers
- ask you to enter information on a web page that isn’t part of their main public website
- ask to confirm personal information such as credit card details or account information
- request payment on the spot .
Many companies also have security pages that identify active scams using their branding. These pages often include examples and pictures of scam messages to help you tell fake messages from real ones.