Phishing: How to recognize fraudulent communications

07 March 2024 by National Bank

Phishing is a scam that’s being used more and more by cybercriminals. Here’s how to recognize these fraudulent communications and avoid taking the bait.

Take precautions against identity theft

Get with
Securizone 360TM

What is phishing?

Phishing refers to all forms of fraudulent communication used by scammers to obtain your personal details or install malware on your computer, phone or tablet. Communications can take the form of an email, text message, phone call, social media post or message, or even a QR code.

They often resemble official messages from the government, the Canada Revenue Agency, your banking institution or your telecommunications service. Scammers will even go so far as to use the colours and logos of these institutions. And because it’s becoming increasingly difficult to recognize this type of scam, no one is safe from them.

What would it look like?

Dear client,
Our system has detected suspicious activity in your account. For security reasons, your account has been blocked. In order to reactivate your account, please enter your login credentials here. Without any action on your part, your account will be permanently deactivated.

What are the different types of phishing attacks?

There are several types of phishing scams. While fraudulent messages often look like official communications, they may also take the form of more personal messages from people close to you. Here are a few examples:

  • A phone call from the Canada Revenue Agency asking for your Social Insurance Number.
  • A text message from the Canadian government saying that you’re entitled to a credit to help Canadians cope with inflation and inviting you to claim it by clicking on a link.
  • An email from a streaming platform, antivirus software or one of your online subscriptions telling you that your monthly payment couldn’t be processed due to a problem with your credit card.
  • A message from a loved one on social media asking you to help them recover their hacked account. 
  • An email informing you that a package has been held up due to non-payment of customs fees and inviting you to pay the amount due.

And since fraudsters are always ready to capitalize on current events – such as pandemics, ice storms, power or telephone failures – or events related to certain periods, such as tax season, it’s not unusual for communications to be linked to relevant key moments.

How can you spot fraudulent communications?

One of the most common phishing strategies is to create a sense of urgency in the target. There are many ways of doing this.

For example, you could be threatened with the blocking or closure of an account, the return of a package to its sender or even criminal prosecution. The stress generated by this kind of situation increases your chances of clicking on the indicated link or giving out personal details without thinking it through.

It’s common for scammers to offer you a sum of money or a gift, such as a tax refund or another unexpected reimbursement. They may also ask you to quickly resolve a problem or update your banking and credit card details.

Pictogramme ampoule qui s’allume

Good to know : National Bank will never ask you to provide your password, unique validation code or SecurID token code, whether by text message, email or phone. When in doubt, don’t hesitate to contact one of our advisors. They’re available every day from 6 a.m. to midnight (ET) at 514 394-5555 or 1 888 835-6281.

How should you respond to fraudulent communications?

Did you receive an unsolicited message urging you to act immediately, signalling an alarming situation or offering you something that’s too good to be true? Don’t take anything for granted, and above all, stop and think whenever you receive a suspicious email or any communication that looks like a potential phishing attempt. Moving too quickly could push you to make mistakes and provide valuable information.

Here are a few more practical tips:

  • Confirm the source of the message: Make sure the sender’s email address or phone number is actually that of the company or person concerned. For companies, check that what comes after the at sign (@) is the company’s actual domain name.
  • Contact the sender: If it’s a company, be sure to use the email address or phone number listed on the official website, not the one mentioned in the communication.
  • Make sure hyperlinks are secure: Can’t tell where a hyperlink will lead you? If you’re using a computer, place your cursor over a hyperlink without clicking on it. You’ll see the site appear in full, and you can either confirm or question its legitimacy. On a smartphone, you can press on a hyperlink for a few seconds to see the same thing.
  • Never pass on your personal details: Unless you initiated the communication or contact, don’t share any personal details with anyone.
  • Assess the relevance and authenticity of the communication: Ask yourself questions. Are you participating in a competition? Are you expecting a package? When in doubt, apply the advice mentioned above.
  • Don’t rely on visual identities: Company and organization logos are easy to imitate, making phishing emails or fraudulent sites look legitimate. Furthermore, seeing the name of your financial institution on your phone’s call display is no guarantee that it’s not a phishing attempt.
  • Delete the message: Don’t hesitate to delete an email, text or voicemail message that seems fraudulent. Usually, a legitimate organization will contact you several times if it expects you to take action.
  • Report the attempted fraud: Alert the company concerned or the person being targeted for identity theft. Report the fraud to the Canadian Anti-Fraud Centre.
Pictogramme ampoule qui s’allume

What should you do if you get phished?    

Even if you take every precaution, you could still fall victim to a phishing scam. If you do, don’t blame yourself – it can happen to anyone. The important thing is to act as soon as possible to protect your accounts and identity.

Keep a close eye on your bank accounts and credit card transactions, email inboxes and messaging services. You should also change all your passwords or even disconnect your computer from the internet or network in case it’s been infected by ransomware. An IT specialist can help you restore all the data on your computer.

Also, you should make it a priority to notify both credit bureaus ( Equifax and TransUnion ) that you’ve been a victim of a phishing scam so that an alert can be placed in your file.

Worried that your identity has been stolen?
→ Follow our six key steps.

Fraudsters are very imaginative, and no one is completely safe from their scams. If you fall into their trap, it’s important to report it and let those around you know.

Want to find out more? Our fraud prevention page is full of other useful tips and tools.

Legal disclaimer


Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.

The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.

The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.

This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.

The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.

Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).

™ SECURIZONE 360 is a trademark of National Bank of Canada used by NBC Assistance Inc.




Take precautions against identity theft

Get with
Securizone 360TM