Beware of Text Message Phishing Scams

17 June 2015

If you’ve been following the news lately, you’re probably aware of the dangers of phishing, where scammers send messages imitating banks and government institutions to get their victims to click on links and enter personal information. Lately, criminals seem to be turning more toward texts to carry out their schemes, as increased awareness of email phishing has made it less profitable, according to the Canadian Anti-Fraud Centre (CAFC).

“Emails were the number one way (to scam people) for a long time. It’s just a different format that they’ve moved to try and trick people,” CAFC spokesman Allan Boomhour told the Toronto Star.
In one such incident, TD Bank has been warning its customers of a mass phishing text that was recently sent to TD Bank members and non-members alike. The text claims that the user’s bank account has been suspended and asks them to submit their information in order to unlock the account.

The text reads, “(URGENT) Your TD Online Banking [sic] has been suspended. To unlock your account, click here.”

The bank reacted by immediately posting a warning on its website and social media, saying, “Some customers have reported receiving an SMS text message on their cell phones requesting personal account information . . . If you receive a similar message, please don’t open or respond.” The bank then directed customers to contact its phishing branch at

Another recent text message phishing scam had fraudsters imitating the Canada Revenue Agency (CRA) and claiming to have sent victims their tax return via an e-transfer. The text contained a link and asked recipients to click on it to claim their tax return. If they clicked the link, they were then asked to submit personal information like their social insurance number, credit card number and bank account information.

“Canadians are reminded that the CRA will only send payments by direct deposit or by cheque, never by email money transfer,” the CRA said in a statement warning the public of the scam.

To try to determine if a text is part of a phishing scam, ask yourself these questions:

  • Does this institution usually communicate by text? The CRA never does, and banks do so rarely and only if you have requested it.
  • Are there typos and other errors in the text? Most official texts sent by organizations are thoroughly proofread before they are sent out.
  • Should this organization know my email address? If you haven’t given your email address to a certain company or government body and you get an email from them anyway, it could be a scam.
  • Is there a link to click on? Many banks and other agencies that handle confidential information have stopped putting links in their emails altogether so that customers can tell their real emails from phishing scams.
  • Why is my information needed? If you’re asked to enter in your credit card and passport numbers supposedly to claim a tax return or unlock an account, it’s probably a scam, because that information shouldn’t be needed for those purposes.

Phishing can lead to identity theft and credit fraud. To help you monitor and catch possible suspicious activity in your credit files, sign up for a credit monitoring service.