Beware of phishing

“Phishing” getting more sophisticated

November 11, 2014

Last week my daughter received a welcome email from the Canada Revenue agency (CRA) letting her know that thanks to a reassessment, she was going to receive a $545 refund.

All she had to do was click a link in the email to confirm her banking information, and the money would be transferred electronically.

The email addresses on the message were all accurate looking, using the root “gc.ca “.

Luckily, she sent this to me before clicking and asked, “Does this look legit?” 

The only thing that looked out of place to me was a misspelled word.  However, these days, that happens so often you can’t even count on that as being a clue of larceny.  But, since the misspelled word was “taxpayeer”, I was pretty sure this was a criminal attempt to steal her banking information. 

The other clue was that there was an expiry date to claim the money, thus creating some urgency on the part of the recipient.

This is just one small example of the ever more sophisticated attempts to steal your banking and other financial information.

My wife has recently received a similar message, about an INTERAC e-Transfer from CRA.  The link included most of CRA’s actual website address, so it was hard to realize it was a fake.  But it clearly was, and a sophisticated attempt to steal banking information. 

You likely get such emails that appear to be from your bank, investment firm, even your dog groomer, “phishing” for such information. They will use such fabrications as security breaches, system tests…you name it.

Please be diligent and careful about these, and err on the side of caution.

Your bank will NEVER ask you for your password, or to click a link to confirm your personal information.  Do not respond. 

There are additional steps and precautions you need to take in order to keep your information safe. 

As I write this, I am at the Knowledge Bureau Distinguished Advisor Conference in Texas, and we have just heard a great, but scary, presentation on a range of dangers facing companies, some of which I had been unaware.  Major companies have been hacked into on several occasions, sometimes by the hackers spending months and months to find security weaknesses or opening weaknesses in suppliers to these companies, in order to open up breaches in the larger companies, secure firewalls. 

Thousands of client accounts have been “compromised”, but no one is saying what this really means.  Good news is that to this point, it looks like the damage from these breaches has been contained.

What can you do?

First, don’t put anything online, in a Facebook posting, or even in a private email that you don’t want seen and read by criminals. 

A great example is the big “whoops” I put in above, by telling you and all financially savvy criminals that I am out of town.  But don’t worry, I got home last night.

If you and your bank or investment advisor are communicating by email, do not include anything that can reveal personal financial information, and especially not account numbers, values or passwords.

If your advisors tell you that they will not follow your email instructions to send amounts of cash to your bank accounts (as we won’t) until verified by voice, be grateful to them.  We all receive periodic emails purporting to be from clients, asking for such transfers, but some of these are from cyber crooks who have hacked into these client accounts. 

Sometimes, it pays to be paranoid.  Protecting your privacy and money is one of those cases. 

*     *     *

Dollars and Sense is meant as an introduction to this topic and should not in any way be construed as a replacement for personalized professional advice.

Please consult legal, tax and investment experts for advice on your unique situation.

-30-

David Christianson, BA, CFP, R.F.P., TEP, CIMis a financial planner and advisor with Christianson Wealth Advisors, a Vice President with National Bank Financial Wealth Management, and author of the book Managing the Bull, A No-Nonsense Guide to Personal Finance.