Loading...

How to Identify and Handle Fraud Attempts via Social Engineering Scams (Phishing, Vishing, Smishing)

It is important to understand and protect yourself from social engineering scams. Here’s how you can identify, handle and report fraud attempts of this nature.

What is a social engineering scam?

A social engineering scam convinces you to perform specific actions or divulge confidential information through psychological manipulation. It can be done over the phone, on the internet or in person. Once the scammer obtains the desired information, it can be used for identity theft, industrial espionage and other criminal activities, or simply to disrupt the normal course of business.

The three types of social engineering scams are phishing (done via email), vishing (done via phone calls) and smishing (done via text message/SMS).

Phishing (Email)

Phishing is when scammers use email messages with phony email addresses, websites, or pop-up windows to gather personal information.

What should I do if I’ve received a suspicious email from Rogers?

Do NOT respond to the email, provide personal information online to the sender, send or forward it to others, or click on any links or attachments included within the email. Instead, forward the email to abuse@rogers.com.

Make sure to include the following details in your email to Rogers:

  • Include a brief description of the issue
  • Copy and paste the full email headers above the body of the forwarded email

If you provided your PIN/password in response to the suspicious email, or if you don’t have a PIN/password already set up on your Rogers account, we highly recommend that you change or create a PIN/password now.

What should I do if I’ve received a suspicious email from another company?

Do NOT click on any links or open any attachments in the email. Instead, report the incident to the Canadian Anti-Fraud Centre:

The Canadian Anti-Fraud Centre has a lot of information on known scams. Review their website to protect yourself from potential fraud.

Vishing (Phone Calls)

Vishing (short for “voice phishing”) occurs when scammers attempt to gather your personal or financial information over the phone. Usually, they make calls to offer you fake rate plans and promise incentives if you complete surveys or if you respond to their requests to “confirm” your account by providing sensitive information like PINs, passwords, or account numbers.

What should I do if I’ve received a suspicious phone call from Rogers?

Do NOT provide personal information if the caller sounds suspicious. If possible, record the phone number that appeared on your call display, then contact Rogers and report the incident. We will be able to determine if the call was legitimate.

If you provided your PIN/password over the phone in response to a suspicious call, or if you don’t have a PIN/password set up on your Rogers account, change or create your PIN/password as soon as possible.

What should I do if I’ve received a suspicious voice call from another company?

Do NOT provide personal information to the caller. Instead, report the incident to the Canadian Anti-Fraud Centre:

The Canadian Anti-Fraud Centre has a lot of information on known scams. Review their website to protect yourself from potential fraud.

Smishing (Text Message/SMS)

Smishing occurs when scammers attempt to gather personal or financial information through text messages/SMS. Usually, these text messages will ask you to visit a specific website or call a certain phone number where you will be asked to provide information.

What should I do if I’ve received a suspicious text message from Rogers?

Do NOT respond to the text message, provide personal information to the sender, or click on any links or attachments included in the message. Instead, make sure you collect the following information:

  • The number that sent the text message
  • The contents of the text message

Once you have this information, report the incident to the Canadian Anti-Fraud Centre:

If you provided your PIN/password in response to a suspicious text message, or if you don’t have a PIN/password set up on your Rogers account, change or create your PIN/password as soon as possible.

Related link: What to do if you get spam text messages?

Tips for Identifying Fraudulent Information Requests

  1. Be wary of requests for personal information
    • Most legitimate businesses will not ask for personal information, such as a bank account number. Also, requests to go to a website and "update your account" should raise suspicion. Before giving out any personal information, check that the request is legitimate. You can contact the company directly to make sure.
  2. Watch for alarmist email messages
    • Email messages that promise large sums of money but first require you to pay an "inheritance tax" or try to shock, scare or guilt you into sending money are almost certainly scams. Do not respond to them. Delete them immediately.
  3. Look for altered web or email addresses
    • In an effort to look legitimate, scam artists will often register domains that are minor variations on actual domain names. Another common tactic is to use a legitimate URL as part of a scam URL.
  4. Look for misspellings or grammatical errors
    • Many scams are carried out in countries outside North America where the laws controlling such activities aren't as comprehensive. Watch for misspelled words or errors in grammar.
  5. Look for the lock
    • Be sure that any website where you do enter personal or financial information is secure. Such websites will either have addresses that start with "https" or display a small lock icon in the lower-right corner of your browser window.
  6. Learn more about ways to identify and respond to fraud