RBC
image RBC Home | Search | Site Map | Contact Us | Legal Terms | Français  
Other RBC Sites:
image Banking Investments Insurance Capital Markets
RBC.com
Security
» Corporate Profile
Security
 Online Security
 Safe Computing Practices
 Protect Your Identity
  Tips
  What you should do
  E-mail & Website Fraud
 Important Notices
 FAQ
 Glossary
 Helpful Links & Resources
 Contact Us

Phishing Resource Centre
 

Phishing is a common online scam designed to trick you into disclosing your personal or financial information for the purpose of financial fraud or identity theft.

Here's how it works:

  1. You receive an unsolicited e-mail appearing to be from a legitimate company. A typical phishing e-mail will give you a phoney reason, such as a security breach or contest, to trick you into providing your personal information.

  2. The e-mail will often include a reason that urges you to click on a link that takes you to a fake website.

  3. That fake website will look authentic by copying the brand name and logo of the real company. This phoney site will ask you for personal information such as credit card numbers, account numbers, passwords, date of birth, driver's license number, and social insurance or social security numbers.

While you may think you are giving your information to a valid company, instead you are providing it to a fraudster!

Why did I receive a phishing e-mail?

You received a phishing e-mail simply because your e-mail address has ended up in the hands of a fraudster.

E-mail addresses are easily obtained and shared on the Internet – just like phone numbers and mailing addresses. But, other than having your e-mail address, it is unlikely the fraudster knows anything else about you – not even your name.

So, these fraudsters need to do three things to be successful.

  1. target companies with large numbers of customers...the more, the better!

  2. send thousands of phishing e-mails in order to reach as many of these customers as possible (many of the e-mails are also received by non-customers).

  3. write the e-mail messages in such a way as to trick people into revealing their confidential information.

Click on the above tabs to learn how you can protect yourself against this type of scam!

<< Previous <<

Recognizing Phishing E-mails

Phishing e-mails are becoming more sophisticated and can be tricky to spot. Being able to recognize phishing e-mails can help prevent you from becoming a victim.

Below is an example of a phishing e-mail. Click on the number to learn more.

E-mail
Phishing e-mails often begin with a generic greeting such as "Dear Client" rather than addressing you by name. Some e-mails will refer to a "problem" with your account and urge you to access a link to verify your information. No legitimate company will notify you of a problem through an unsolicited e-mail. There is often a sense of urgency in the e-mail encouraging you to respond immediately. Many e-mails have links that look valid but lead to a fake website. Here's a tip: move your mouse over the link in the e-mail until a small box appears with the URL (web address). If the web address in the box is different from what you see in the e-mail, the link may lead to a fake site. Do not click on this link.

Recognizing Fake Websites

A fake or "spoofed" website can look just like a company's real site. Look for these telltale signs to help you spot a fake website.

Below is an example of a spoofed website. Click on the letter to learn more.

Web site
Ensure the address in your browser's address bar begins with 'https' when entering personal information. That means your information is being secured. If the address begins with only 'http' do not enter any information. Always look for a lock icon on the browser. Double-click the lock to display the security certificate. If there is no lock icon or if you are at all unsure about the information in the certificate do not sign on or enter any personal information.

Also be wary of security alerts or unusual pop-up messages requiring input while you are on a website.

If you are unsure if the website is a valid RBC company site play it safe. Do not sign in or enter any personal information. Instead, contact us.

For phishing e-mails, please notify us by forwarding the suspicious e-mail to information.security@rbc.com.

Report fake websites masquerading as RBC company websites by sending an e-mail to information.security@rbc.com with the subject "Fake RBC website." Remember to copy the full URL (website address) into the body of the e-mail.

To help you spot phishing e-mails and fake websites, see the tips under "Recognizing it".

If you believe you may have provided confidential information in response to a phishing e-mail, call us immediately.

Canadian RBC company: 1 800 769-2555.
RBC Centura: 1 800 236-8872.
TDD/TTY: 1 800 661-1275.
If you are overseas, please try our toll-free access from 21 countries by dialing your country code + 8000 769-2555. You may also reach us by calling 506 864-1555.

If you live in the U.S. please also contact your local authorities as well as the FTC (Federal Trade Commission) at 1-877-438-4338.

Follow these tips to help you avoid falling victim to phishing scams:

Never provide your confidential or financial information over the Internet in response to unsolicited e-mails.
Play it safe! If you don't know the source of an e-mail or if it looks suspicious, do not open it.
Be cautious! Even if you recognize a sender's e-mail address, do not rely on that alone because addresses may be faked. Pay attention to the contents of the e-mail and be careful of any embedded links.
Never click on a link in an e-mail that you suspect may be fake.
Be sure! If you are unsure whether you are on a legitimate website, reopen your internet browser and type the company URL in the address bar yourself.
Before you enter confidential or financial information online, check for the lock icon on your browser. Ensure the URL in the browser address bar starts with "https."
Be alert! Just because an e-mail or website appears to be from a legitimate company doesn't mean it is. Phishing schemes are designed to look real to trick users into divulging personal information for the purpose of financial fraud or identity theft.
See our 10 tips for safe computing and 10 tips to safeguard your assets.
Always follow safe computing practices.

>> Next >>



back to top 
  © Royal Bank of Canada 2001 - 2007 Privacy  |  Legal Terms  |  Trade-marks and Copyrights  |  Security  
  rbc.com is an online information service operated by Royal Bank of Canada.Last modified: 09/12/2008 13:46:17