Skip to main content
Find a Branch /ATM
JOIN

Common Cyber Scams

Learn about common scams targeting your personal information and money.
woman looking at laptop
 
MEMBER ALERT: The Ontario Provincial Police is advising there is currently a high volume of “grandparent scams” being reported.
In this scam, victims are instructed to withdraw large sums of cash as alleged bail for family members. They're told not to disclose the true purpose to their financial institution and instead say it’s for “family” or “Christmas gifts.” Learn more about how to protect yourself and your loved ones from grandparent scams.
 
Select Icon

$645M was reported lost to fraud in Canada in 2024
Source: Canadian Anti-Fraud Centre

 

 
Cybercriminals use a variety of tactics – through email, phone calls, pop-ups, and fake websites – to trick people into sharing personal information or sending money. Below are some of the most common scams. Knowing how they work is your first line of defence.
 
In this scam, someone calls pretending to be from your bank or credit union. They’ll warn of “fraudulent activity” on your account and ask you to cancel your card. They instruct you to put your card and PIN in an envelope, then send a courier or “staff” to pick it up. Meanwhile, the scammer drains your account through ATM withdrawals or purchases.
A fraudster may reach out via phone, email, or social media, promoting fake cryptocurrency investment opportunities. They promise high returns with little or no risk, regardless of market conditions, and may claim celebrity endorsements to build trust. Victims are directed to send funds to access supposed profits or withdraw from their digital currency accounts. Scammers frequently provide fake account statements showing rapid growth to encourage continued investment. In most cases, victims only discover the truth when they are unable to withdraw funds, often after a prolonged period of investing.
Scammers pose as legitimate companies offering work-from-home or part-time job opportunities. After you’re “hired,” they send you a cheque to purchase equipment or process payments – but the cheque is fake. They instruct you to deposit it and then send a portion of the funds back or forward it to a third-party. Once the cheque is rejected by your financial institution, you’re left responsible for the money you sent.
Scammers may pitch a “high-value” foreign company or property investment. They’ll send you a cheque as an “advance” on future profits, then ask for service-charge payments to release the rest. But the “advance” cheque is fake – once it’s reversed, you’re on the hook for the money you already sent.
You might get a letter, email, or call claiming you’re a distant heir to a wealthy person's estate – often someone in a foreign country without known heirs. The “executor” asks for your personal data (SIN, birthdate, banking info), and might request upfront payments for “fees” or “taxes” to release the inheritance. Once you share this information and send money, the inheritance never materializes.
Scammers tell you you’ve won a lottery or prize you never entered. They ask you to pay a “processing fee,” wire money, or provide credit card details. Even after you pay, they often demand more money – and there’s no prize at the en.
Online buy/sell scams involve fake listings, payment scams, and other fraudulent activities on online buying and selling platforms. Common tactics include fake ads for non-existent items, overpayment scams where a fake cheque is sent, and requests for payment via hard-to-trace methods like wire transfers or gift cards. Buyers can fall victim to fake listings, while sellers may be targeted with "reverse scams" involving fake e-transfers that steal their banking information.
Phishing is when you receive seemingly legitimate emails or messages (often appearing to be from a trusted source) that ask you to log in or verify information. These can lead to fake websites designed to steal your credentials.

Pharming involves malware that redirects you to fraudulent sites, even if you type in the correct web address. 
  • Tech Support Scam: You get a call or pop-up warning that your device is infected. The scammer offers to “fix” it – but instead, they install malicious software or steal data.
  • The Canada Revenue Agency (CRA) Scam: Fraudsters pretend to be from the CRA, threatening you with fines or arrest unless you pay. In reality, the CRA will usually first contact you by mail or through their secure MyCRA portal – not by phone or text.
  • Fundraiser / Charity Scam: Scammers ask for donations for made-up causes or pretend charities. Always verify the legitimacy of any charity before giving. 
  • Grandparents / Family Emergency Scam: Someone calls pretending to be a relative in crisis and demands money. Scammers exploit your emotions and sense of urgency.
  • Credit Card Scam: The scammer calls saying your credit card is compromised and tries to trick you into sharing your details or making a payment.

Romance scams involve criminals creating fake online identities to gain a victim’s affection and trust. Once the victim is emotionally invested, the scammer exploits the illusion of a romantic or close relationship to manipulate and/or steal from them. Common tactics include claiming urgent financial needs-such as emergencies, travel expenses, or frozen accounts-and requesting money until they can “resolve” their own financial issues.

SIM swapping, also known as SIM hijacking or port-out fraud, is a scheme where criminals deceive a mobile carrier into transferring a victim’s phone number to a SIM card under their control. This enables the fraudster to intercept calls and text messages, including one-time passwords and authentication codes, which are then used to compromise online accounts and commit identity theft or financial fraud.

Smishing is a blend of “SMS” and “phishing”. It is a cyberattack that uses fraudulent text messages to deceive individuals into sharing sensitive personal or financial information, downloading malware, or sending money to scammers. These attacks exploit trust and create a sense of urgency to override critical thinking.

Vishing (voice phishing) is a cyberattack that uses fraudulent phone calls to trick individuals into disclosing sensitive personal, financial, or business information. Scammers, or “vishers,” often impersonate trusted entities such as financial institutions, government agencies, pharmacies, or even colleagues and family members to create urgency, fear, or trust.
“Ware scams” typically refer to scareware – a type of malicious software that uses social engineering to convince users their device is infected or compromised. The goal is to pressure victims into purchasing fake security software or downloading real malware, which can steal personal information or lock the device for ransom.
 
Select Icon

Quick Tip

What's an easy way to spot a scam? By the method scammers ask you to pay them! Scammers use channels that are hard to trace (and even harder to get your money back from) like gift cards, wire transfers, payment apps and cryptocurrency ATMs.
 

How to protect yourself from these (and more!) common scams

 

  • Never give out sensitive information (PINs, passwords, account numbers) to someone who calls or texts you – even if they say they’re from a trusted source like your financial institution or the CRA.

  • Don’t react to urgent or aggressive requests. Scammers often create a false sense of crisis to pressure you into acting without thinking.

  • Always verify contact information: if someone calls claiming to be from a trusted organization, hang up and call back using a number from your statements, your card, or the official website.

  • When receiving emails or texts with links, avoid clicking straight from them. Instead, type in the URL you trust directly into your browser.

  • Use strong, unique passwords and turn on multi-factor authentication where possible. 

  • Keep your devices and software updated to protect against malware.

  • Be careful with what info you share publicly: avoid posting too much personal info (birthday, phone number, etc.) on social media.

  • Use alerts on your financial accounts so you’re notified of any unusual activity.

 
 
report icon

What to do if you think you’ve been targeted by a scam

  1. Stop communication with the suspected scammer immediately.

  2. Report the incident to us, contact Kawartha immediately 1-855-670-0510.

  3. If you shared financial or personal details, we recommend that you:

    • Freeze your card/s with Lock'N'Block

    • Change your password

    • Contact your mobile provider if you think a SIM swap occurred

  4. If you are uncertain, come into a Kawartha branch to talk to us or connect with the Contact Centre.

 

Discover and Learn

Additional resources

Secure your devices

Protect yourself online

 
Contact Us: 1-855-670-0510
Copyright © 2025. All rights reserved.