Online Scams To Avoid
You can download (and share) a printable copy of these notes below…
(click on the underlined down-arrow icon in the upper-right below to download)

PDF file

Online-Scams-To-Avoid Nov 9.pdf

26.3 MB

Scamming people is, unfortunately, a multibillion dollar industry, and Canadians are one of the most lucrative targets for scammers overseas because we're trusting by nature, and more affluent than people in most other countries.
Below are examples of the latest scams, with screenshots, to help you spot them, and avoid having your money and/or identity stolen.
The scammers are always coming-up with new scams that capitalize on rebates and other items in the news, so we're constantly adding new examples.
Please share these Notes with others who might be tricked.
Before you see the examples, here's an easy way to avoid being scammed:
If you get an email or a text about…
  • a problem with one of your accounts or services
  • a package that can't be delivered
  • an invoice/receipt for an item or service which you didn't order
  • a refund or rebate owed to you
  • a prize you've won
  • a ticket issued to you
…assume it's a scam — especially if it urges you do something right away.
If you think it might be real, check with your bank, or with the merchant, but NEVER call the number, and NEVER click on the button or link.
1) If a message appears on the screen of your phone, tablet, or computer advising that your device is infected or is about to crash, and urging you to call the phone number on the screen, it's a scam.
Here are two screenshots of what these scams might look like on a Windows PC…
Here's a screenshot of what one of these scams could look like on a Mac…
And here's a screenshot of what one of these scams might look like on an iPad…
If this appears on the screen, it got there because you clicked on a button or link which took you to what's called a Browser Hijack — a website which has been crafted just to try to trick you.
Your device is NOT infected. It's just a scam.
If you call the number, it'll connect you to a call-centre (often in India) where a scammer will pose as someone from Apple or Microsoft or Samsung or Google, and will offer to fix the problem, either for a hefty fee — they'll want your credit card info — or they'll try to pursuade you to give them banking info.
NEVER call the number, and NEVER click on the button or link. Just restart your phone, tablet, or computer and it should go away.
If you know someone who you think might fall for one of these scams, you can print out a warning sheet which I've created, and give it to them to post on the wall near their computer.
Here's a Windows version…

PDF file

Browser hijack warning sheet - Windows.pdf

162.4 KB

…and here's a Mac version…

PDF file

Browser hijack warning sheet - Mac.pdf

199.6 KB


2) If you get a pop-up like these screenshots, it's a scam — but your computer is not infected, and you have not been hacked!
Those scam pop-up screenshots are all Notification boxes, which get delivered by a website or websites (like news or recipe sites) which you agreed to allow to send you Notifications.
Unfortunately, those websites have chosen to "rent" that ability to unscrupulous companies which send out fake virus warnings and other scams.
If you click or tap on the button, you'll be taken to a fake website where you'll be encouraged to either give them your credit card info for a fake (and pricey) anti-virus subscription, or to call a toll-free number which connects to an overseas call-centre where they'll pitch any one of a variety of scams.
Don't click, tap, or call! Instead, here's how to block these scam pop-ups…
On a Windows PC, open your Microsoft Edge web-browser, copy/paste the following into the address-bar… edge://settings/content/notifications
In the Notifications box, turn OFF the switch to the right of "Ask before sending"…
If you use the Chrome web-browser, copy-paste the following URL in the address bar of Chrome and hit Enter: chrome://settings/content/notifications.
The Notifications settings will open up, and you'll see the default setting Ask before sending.
Toggle the slider to select Blocked.
If you use the Safari web-browser on a Mac
Click on the Apple logo in the top-left and click on Safari Preferences. Click on the Websites tab and then scroll down to Notifications. Now, uncheck the Allow websites to ask box highlighted in yellow...
These steps will prevent websites from sending you notifications!

3) If someone you know emails you asking you to buy Amazon gift cards on their behalf, don't do it — it's a scam!
It begins with an email that appears to be from someone you know, asking you to do them a favour and buy some Amazon gift cards on their behalf, for someone special for a birthday or other important occasion. They promise to pay you back shortly. A screenshot of one of those emails (shared by a lady named Edie) is below…
When Edie emailed back, explaining that she doesn't shop online but that her husband does, the scammer posing as June replied back from an only-slightly-different email address…
If you reply and agree to help, as Edie kindly did, the scammer posing in this case as June emailed her right back, asking Tony to buy $300 in Amazon gift cards, and then to scratch the back off the cards to reveal the code, and to email that code to the "friend's daughter" along with a congratulatory message on behalf of June. The scammer supplied Edie with the email address supposedly of the desired recipient, and even a warm and fuzzy message to include on their behalf…
If you email the codes on the back of gift cards, as Tony did, those codes will soon be redeemed by the overseas scammers who are at the end of the email address they gave you, and you'll be out the money. In this case, Tony was alerted by us to the scam within minutes, and was able to get Amazon to cancel the gift cards before the scammers could redeem them, but that usually doesn't happen.
NEVER buy gift cards on behalf of someone you know! In most cases, the original email asking for your help came from scammers using an email address that's one character different from the real email address of the person they're impersonating. In some cases — as in this one — June was tricked into giving scammers her email address and password, and they then used her email account to email the gift card request to everyone in her contact list.
If you're somehow convinced that the request is real — it's not; they're all a scam — but if you don't believe us, reply back and ask the sender a question to which only your friend would know the answer. You'll never hear from them again.
4) Watch out for a new round of scam "we're discontinuing your email version and you must upgrade" Microsoft emails
The scam emails (see the screenshot) are being sent from email addresses @allmail.net, which is a private budget email provider based in Missouri, and claim that to avoid disruption to your email service, you must upgrade immediately to a new version…
If you were to mouse over the "click here" link on the actual email (or hold your fimnger on it on a touchscreen device), you'd get a pop-up showing that clicking on the link would take you to a fake outlook.com log-in page hosted on Google Docs (which is Microsoft's arch-competitor).
If you were to type in your email address and password, the hackers would immediately gain access to your emails and could start forwarding them to themselves, and then trigger password reset emails from your banking and other accounts, to steal your money and your identity.
NEVER click on links in emails like this!

5a) Watch out for fake Shaw "closing old Mailbox versions" emails
The emails — which are coming from a @talktalk.net address (that's in Britain)… look like this screenshot which was shared by astute Tech Talk listener Vicki…
In the actual email, if you were to mouse over the "Check For Update" link they want you to click on (or hold your finger on it on a phone or tablet), you'd get a pop-up revealing that that link would take you to Linki.ee/shawweb — which is a fake Shaw webmail log-in page (hosted in China) that looks like this…
Notice that they deliberately misspelled "password" using two v's to try to evade scam filters!
If you type in your @shaw.ca email address and password, the hackers in China will immediately gain access to you email account, and will start forwarding a copy of all your incoming messages to themselves. They'll then trigger password reset emails for any financial and other accounts they can find and then lock you out of your own accounts and start stealing your money and identity.
NEVER click on links in emails like this!

5b) watch out for a new Shaw email scam
The emails claim (as shown in this screenshot) that due to security upgrades, Shaw email users will not be able to access their emails if they do not click a button to confirm their account…
The emails are coming from addresses @vnr1.com (highlighted in yellow), which is a Texas-based web service provider, and are addressed to "Dear Esteemed User".
The "Confirm Now" button they want you to click on or tap takes you to a fake Shaw webpage hosted on Google Docs… (https://docs.google.com/presentation/d/e/2PACX-1vQgYG2NUjaO
…and the "Upgrade Now" button they want you to click-on or tap, takes you to a fake Shaw Webmail logiin page hosted on Weebly.com…
If you provide an @shaw.ca email address and password and click/tap on "Sign In", you're giving ovderseas hackers direct access to all your emails. They'll almost immediately start forwarding a copy to themselves, and then start triggering password reset codes for your bank accounts and other accounts so they can steal your money and identity. NEVER click on links in emails or texts like this!
6a) Watch out for fake Canada Post "undelivered package" texts
The texts (screenshot on far left below) advise that a package could not be delivered because of an incomplete address. They give you a link, which, if tapped, takes you to a fake Canada Post web-page (hosted in Spain, screenshot in middle below) where they ask you for correct delivery info. If you give them that, they send you to a page ((screenshot on right, below) requesting payment of a "redelivery fee" of just $1.03.
If you give them your credit card info, within minutes, the scammers will be making purchases on your card, and before long, your card will be maxed-out or locked, and your bank will have to cancel it and issue you a new one.
NEVER respond to texts like this! Among the clues that it's a scam are the fact that these texts will never be addressed to you by name, and they'll never say what the package is or who it's from. If you're expecting a package, use the tracking number supplied by the online merchant to see where your package is.

6b) Watch out for a new round of fake Canada Post texts
The texts, as shown in the screenshot shared by astute Tech Talk listener Carol, appear to be coming from a 780 area code (in Alberta).
The colourful message claims to be from Canada Post advising that they were unable to deliver your order and urge you to click on a link to reschedule delivery.
The link (which has since been shut down), takes you to a real-looking Canada Post website (hosted in Germany) complete with a real "click on all the squares with a bicycle" test to prove you're not a robot. It then takes you through a series of screens where you're asked to supply your address and contact info, and then to a screen asking for you to pay a $2.67 'rescheduling fee…
The next screen asks for your credit card info to pay that fee. If you give it to them, within minutes, overseas scammers will be using your card info to make scam purchases on your account.
NEVER click on links in emails like this! If you've ordered something that's being mailed to you, use the link supplied by the online merchant to track your package.

7) Watch out for a new round of fake Service Canada Tax Credit texts
The texts, which look like the screenshot shared by Charles, are being sent from @gmail.com email addresses — not from phone numbers.
They include a link (this one is Revtxn24.com, which has since been shut down), and it takes you to a (fake) CRA "Deposit Your Money" page, at https://txgvcdn24.info (which has also since been shut down) as shown in the screenshots.
It asks you to click on the icon for your bank or credit union, and then it takes you to a (fake but very real-looking) log-in page for that bank or credit union…
If you type in your Client Card or username and password, you'll be giving overseas scammers direct access to your bank account! NEVER click on links in texts or emails like this!

8) Watch out for scam Canada Revenue Agency "refund" texts
Every tax season, scammers send us texts claiming to be from the CRA, urging you to claim your refund.
A screenshot of one of these text is shown here, and unlike a lot of previous ones, this one actually looks pretty good!
But if you look closely, you'll see that it's not from the CRA, but from a gmail.com address, and, the link they want you to click on, 2024taxs.com is also not the Canada Revenue Agency.
That link takes you to a fake Interac website with logos for all the major Canadian banks and credit unions, urging you to click on yours…
If you do, it takes you to a real-looking log-in page for your bank or credit union (but with the wrong address at the top). They're hoping you'll give them your log-in info so they can start stealing your money. NEVER click on links in texts or emails like this! The CRA will NEVER text you, and if they email you, the email will NEVER contain a link for you to click on.

9) If you get a call from someone claiming to be from Bell, Telus, or Rogers, offering you a much cheaper phone plan, it's likely a scam
The caller will know your phone number and what carrier you're with now, and will offer to give you more data and for less money than you're paying now.
In my case, Simon, who claimed to be from Bell, offered me unlimited worldwide calling and phoning and 20GB of international data for just $30 a month if I would switch to Bell from Freedom Mobile. When I asked him to confirm that in writing, he texted me the message screenshotted here.
One of the clues — besides the poor sentence structure — is that Bell does not currently offer a plan that includes international data roaming! Another clue is that the phone number which sent the text is not a Bell number, it's unassigned.
If you agree, the caller will ask for your email address to send you the new agreement, and your mailing address where they can courier your new SIM card, and then they'll advise that you'll get a text from your current carrier asking you to confirm that you're switching carriers, and if so, to reply with YES.
If you do that, you'll have just given the scammers permission to take over your phone number!
Within minutes, your phone will show "No Service", and all calls and texts to what was your phone number, will then be routed to the scammers, and your now-former carrier will be powerless to reverse the process. The scammers will then use your email address to trigger password reset text-codes for your bank, email accounts, and other accounts, so they can steal your money and your identity.
NEVER reply "YES" to a text from your carrier asking if you are changing carriers, unless you're doing that either in-person with a new carrier at their store or kiosk, or if YOU initiated a carrier change by going online to the website of a budget carrier that has no kiosks.

10) Watch out for scam emails claiming your iCloud subscription payment has failed and you're about to lose files
The email, which I've screenshotted here, contains lots of red and exclamation marks, and warns that because your payment method has expired, you may lose all your stored photos and videos.
The sentence structue is not great, and sometimes iCloud is spelled with a capital "C" and sometimes not. They also misspelled "regards" at the bottom.
If you click on the "Update my payment details" bar at the bottom of the actual email, it takes you to a fake iCloud log-in page hosted at druckshopwelver.de in Germany.
The scammers are hoping for two things: one, that you'll give them your Apple ID email and password, and two, even if you give them wrong info, you'll be taken to a payment webpage where you'll be offered a hefty iCloud renewal discount — provided you give them your credit card info.
If you do, they'll immediately begin racking-up fake charges on your card.
NEVER click on links in emails like this. If your Apple account payment method actually has expired, you'll get a red (1) on the Settings app, and a pop-up which takes you to the Payment page within the Settings, where you can provide your new card #. You can check your payment method status at any time by going to Settings, (your name), Payment & Shipping, and confirm your identity with Face ID, Touch ID, or you Apple ID password.

11) Avoid paying by cheque if you can, because cheques are no longer as secure as they used to be, due to electronic banking
Many people grew up using cheques and still use them to pay bills, but times have changed, and gaps in mobile banking have made the use of cheques vulnerable for various types of fraud, including people being able to electronically deposit a cheque more than once…

CBC

RBC customer's cheque was cashed twice. He says his bank shouldn't have let it happen | CBC News

With the vast majority of paper cheques now deposited via mobile app, a security expert says it’s cheaper for banks to reimburse clients than change the deposit system.

If you remain unconvinced that cheques are not as safe to use as they used to be, the next time you give someone a cheque, make it payable to "Mickey Mouse", and when they electronically deposit it to their account, it'll go right through. Banks stopped automatically checking for the payee name on cheques years ago.
Cheques have lots of anti-counterfeiting technology embedded in them, but when they're scanned for deposit on a banking app, because of the resolution used, the banking app usually won't spot a cheque which has been altered. Here's an example which I created to show a client — a retired bank security officer — using my 2023 Peninsula Co-Op Rebate cheque. Note the altered payee name and amount…
I electronically deposited the real one. But, if I'd deposited the second one, it would've cleared. And even if someone later noticed, by then, I could've withdrawn the money and closed the account.
This is why we recommend you use a banking app instead of using cheques, and from now on, pay — or get paid — by Interac eTransfer. Also, get auto-deposit turned-on so incoming eTransfers can't be intercepted. If your bank or credit union doesn't yet support auto-deposit, get eTransfers sent to your mobile number and not your email, as text messages are much harder to intercept.

12) Watch out for disgusting scam "sextortion" emails
The emails are addressed to you, and come from and address that includes part of your name, and may also be accompanied by a Google Maps screenshot of your address, and read like this…
From: "I hacked you!" <alanperry107@peoplepc.com>
Hello pervert, I've sent this message from your iCloud mаil, and I have included a picture of where you live, so you know I know who you are.
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisеly.
Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I’m getting at. 
It’s been a few months since I installed it on all your dеviсеs because you were not quite choosy about what links to click on the intеrnеt. During this period, I’ve learned about all aspects of your private life, but оnе is of special significance to me.
I’ve recorded many videos of you jerking off to highly controversial роrn videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick реrvеrsiоn.
I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks. 
Every number in your contact Iist will suddenly receive these vidеоs – on WhatsApp, on Telegram, on Instagram, on Facebook, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your fоrmеr life.
Don’t think of yourself as an innocent victim. No one knows where your реrvеrsiоn might lead in the future, so consider this a kind of deserved рunishmеnt to stop you.
I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving,  and so do I. But my mеrсy is not free.
Transfer 1400 USD to my Litecoin (LTC) wallet: ltc1qhelugumywjk7vwq3h3488j082mh4g242d0sl34
Once I receive confirmation of the transaction, I will реrmanently delete all videos compromising you, uninstаll Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second.
I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” or "buy Litecoin" and then it will be no harder than buying some useless stuff on Amazon.
I strongly warn you against the following:
* Do not reply to this email. I've sent it from your iCloud mail.
* Do not contact the police. I have access to all your dеviсеs, and as soon as I find out you ran to the cops, videos will be published.
* Don’t try to reset or destroy your dеviсеs. As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the vidеоs are рublished.
Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided аddrеss.
Good luck, my perverted friend. I hope this is the last time we hear from each other.
And some friendly advice: from now on, don’t be so careless about your online security.
This is a disgusting scam. Authorities are working to track down the senders, who are overseas and using VPN's to hide their identities and location.
You can forward the email to your local police so at least they'll see what they're saying, or you can just delete it. But who do you know that might be scared enough by this email to fall for it? Please take the time to copy/paste this Tech Talk note, and send it to anyone who you think might be embarrased into sending the scammers money.

The emails are addressed to you and read like this…
From: "I hacked you!" <brianpavlici@peoplepc.com>

Hello pervert, I've sent this message from your iCloud mаil.
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisеly.
Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I’m getting at. 
It’s been a few months since I installed it on all your dеviсеs because you were not quite choosy about what links to click on the intеrnеt. During this period, I’ve learned about all aspects of your private life, but оnе is of special significance to me.
I’ve recorded many videos of you jerking off to highly controversial роrn videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick реrvеrsiоn.
I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks. 
Every number in your contact Iist will suddenly receive these vidеоs – on WhatsApp, on Telegram, on Instagram, on Facebook, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your fоrmеr life.
Don’t think of yourself as an innocent victim. No one knows where your реrvеrsiоn might lead in the future, so consider this a kind of deserved рunishmеnt to stop you.
I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving,  and so do I. But my mеrсy is not free.
Transfer 1400 USD to my Litecoin (LTC) wallet: ltc1qhelugumywjk7vwq3h3488j082mh4g242d0sl34
Once I receive confirmation of the transaction, I will реrmanently delete all videos compromising you, uninstаll Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second.
I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” or "buy Litecoin" and then it will be no harder than buying some useless stuff on Amazon.
I strongly warn you against the following:
* Do not reply to this email. I've sent it from your iCloud mail.
* Do not contact the police. I have access to all your dеviсеs, and as soon as I find out you ran to the cops, videos will be published.
* Don’t try to reset or destroy your dеviсеs. As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the vidеоs are рublished.
Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided аddrеss.
Good luck, my perverted friend. I hope this is the last time we hear from each other.
And some friendly advice: from now on, don’t be so careless about your online security.
This is a disgusting scam. Authorities are working to track down the senders. Just delete it.

13) A new scam offers to check to see if your credit card info is in hacker databases
The clever scam appears as a pop-up like this screenshot, which says you can find out if your credit card info has been leaked online by entering your card info and having them scan "thousands of hacker databases" to see if there's a match…
If you type in your card info, you're actually giving that info to scammers!
NEVER interact with pop-ups like this.
Note the name of the scam program in the top-left of the pop-up…say it out loud if you don't get it.

14) Watch out for scam Google "you've won" pop-ups
The smartphone and computer pop-ups look like this screenshot, and claim that you've been selected as part of Google's Reward Program (there is no such thing) to win a variety of valuable tech prizes including a Samsung Galaxy S23 or iPhone 15 Pro…
One of the clues that this is a scam is that the prizes offered include a $500 Tesco gift card; Tesco is a British chain. Another clue is that it's not addressed to you, but to "Dear Google customer".
The biggest clue, though, is if you hold your finger (on the actual pop-up, not on our screenshot!), you'll see that tapping on it takes you to a gibbersh website hosted in Spain (.es) or Poland (.pl).
There, you'll find a fake Google Rewards website where you have to answer three basic demographic questions and then pick a prize box. No matter which box you pick, you won't "win". But, they'll give you a second chance, and no matter which box you pick, you will "win". You pick your prize, and then they'll ask for your contact info and mailing address, and then you'll be asked to give them your credit card info to pay $7 or €5 for shipping your prize.
If you give them your credit card info, within minutes, the overseas scammers will be racking-up fake charges on your card. But even if you don't, by that point, you've already given them your contact info and mailing address, which they can use to try to steal your identity.
NEVER tap on buttons in pop-ups like this! Just force-close the app or web-browser, or if necessary, restart your device.

15a) Watch out for scam emails claiming you've won a $500 Petro-Canada gift card
The emails come from "Petro Canada Winner" with no email address, and say (see screenshot) that "you've been selected as one of the lucky few for an opportunity to receive a Petro-Canada $500 gift card.
If you click on the "Start Survey" button, it takes you to a fake Petro-Canada web-page (hosted on a website in Germany) where you have to answer three basic demographic questions and then pick a prize box. No matter which box you pick, you won't "win". But, they'll give you a second chance, and no matter which box you pick, you will "win". You pick your prize, and then they'll ask for your contact info and mailing address, and then you'll be asked to give them your credit card info to pay a $5 "shipping fee".
If you give them your credit card info, within minutes, the overseas scammers will be racking-up fake charges on your card. But even if you don't, by that point, you've already given them your contact info and mailing address, which they can use to try to steal your identity.
NEVER tap on buttons in pop-ups like this! Just force-close the app or web-browser, or if necessary, restart your device.

15b) Watch out for scam emails that say you've been selected to get a free $500 airline gift card
This screenshot is for one that pretends to be from Flair Airlines, but others are circulating that claim to be from Westjet, Home Depot, Petro-Canada, Walmart, etc.
If you click on the button, it takes you to a fake web-page (hosted on an overseas website) for the company in question, where you have to answer three basic demographic questions and then pick a prize box. No matter which box you pick, you won't "win". But, they'll give you a second chance, and no matter which box you pick, you will "win" the gift card. They'll then ask for your contact info and mailing address, and then you'll be asked to give them your credit card info to pay a $5 "shipping fee".
If you give them your credit card info, within minutes, the overseas scammers will be racking-up fake charges on your card. But even if you don't fall for that, by that point, you've already given them your contact info and mailing address, which they'll use to try to steal your identity.
NEVER tap on buttons in pop-ups like this! Just force-close the app or web-browser, or if necessary, restart your device.
16a) Watch out for fake Costco rebate texts
The texts, like the one screenshotted here, appear to come from a number in Quebec (819 area code), and include a link they want you to click on to get your 2% Costco member rebate…
First of all, Costco rebate cheques are sent by postal mail to your home address — they're not texted.
However, if you don't know that and click on the link, it takes you to a security screen that asks you to click on all the squares with a specific item in them to prove you're not a robot, just as in the Service Canada scam above. Once you do that, it takes you to a (fake) Costco reward redemption page which asks you to click on the icon for your bank or credit union, and then it takes you to a (fake but real-looking) log-in page for that bank or credit union.
If you type in your user name/card # and password, you'll be giving overseas scammers direct access to your bank account! NEVER click on links in texts or emails like this!

16b) Watch out for scam Costco "membership expiry" emails
The emails, which look like the screenshot below, are coming from an email address (@mail-kfwf.com) which we traced to the same people as the McAfee scam above. The e-mail say that your Costco membership has expired, but that as part of their loyalty program, you can get a one-year membership extension for free…
If you hover your mouse over the "Extend For FREE" button on the actual email, or hold your finger on it on a phone or tablet, a pop-up will reveal that clicking or tapping on it would take you initially to a website at iad01.webex.com, which will automatically redirect you twice before ending-up at a fake Costco page at sipbelt.com asking for your email address and credit card info for a "shipping fee" of $4.
If you give them your credit card info, within minutes, the overseas scammers will start racking up fake charges on your credit card, until it's either maxxed-out or your credit card company cancels your card.
NEVER click on links in emails like this!
If you want to find out when your Costco membership expires (it'll be printed in bold across the top of every Costco receipt starting 60 days before expiry), you can go to Costco.ca and sign into your account there, or ask at Customer Service the next time you visit a Costco store.

16c) Watch out for scam Costco emails offering $2/year memberships
The emails, which look like the screenshot here, are coming from email accounts in Germany (.de), and say you can save 95% if you answer three questions.
If you hover your mouse over the "Claim Now" button on the actual email (or hold your finger on the button on a phone or tablet), you'll see that button will take you to a fake Costco webpage (footballswap.de) also in Germany.
Answer three basic demographic questions and you'll be taken to a (fake) Costco membership renewal page, where they'll want you to give them your membership number and password, plus your credit card info to pay the "$2 loyalty discount renewal fee".
If you give them that info, they'll try to buy things on your Costco account, and at the same time, they'll start racking-up fake charges on your credit card.
NEVER click on links in emails like this!

17) RCMP urge us to think twice before sharing 'heartbreaking' social media posts, as many are a bait-and-switch scam
How it works is, scammers duplicate a real post about a missing child or a lost pet, and encourage people to share the info, in hopes someone will spot the child or pet.
The catch is, their post is a link not to the original call for help, but to a duplicate post hosted on a website. Once the scammers see that their post is being shared, they change the content of that webpage, often to a fake rental ad or a bogus contest or a promise of some sort of cash payout.
Because you shared the link, your friends and loved ones are much more likely to click on it, and some may fall for the scam.
Before sharing a post, RCMP say it's wise to search the original poster's name and look for "red flags." Those can include the account being new and the user having very few friends. A keyword search can also be useful to see if the same post has been shared in other groups, particularly in faraway locations. A reverse image search can also be useful in finding out if the post is a scam.

British Columbia

Think twice before sharing 'heartbreaking' social media posts, RCMP warn

Mounties in B.C. are urging people to think twice before sharing "heartbreaking posts" on social media.


18) Scam Carbon Tax Rebate texts
The texts come from a New Brunswick or Ontario area code and look like the screenshot.
They encourage you to click on a numeric link which takes you to a fake Interac Direct Deposit web-page with icons for various Canadian banks and credit unions, as shown below…
The log-in pages for the banks and credit unions closely match the actual log=in-pages — except for the fake address.
If you provide yu bank account number and password, the scammers will use that info to drain your bank account!
NEVER click on links in texts like this!
Federal Carbon Tax Rebates are credited directly to your Income Tax account in those provinces where they're issued, and BC is not one of those provinces anyway, as BC has its own Carbon Tax Credit program.

19) CRTC says to watch out for scam calls impersonating them
Canada's communications regulator — the Canadian Radio TV and Telecommunications Commission says scammers are calling people pretending to be from the CRTC and requesting personal and financial info.
The CRTC says they will never ask you for that sort of info.
The scammers are using call spoofing to make it appear that the phone is coming from the CRTC.
More about how that works is below…

crtc.gc.ca

Caller ID Spoofing

Information about Caller ID Spoofing


20) Watch out for creative fake PayPal "payment request" emails
The emails look like the screenshot below (shared by astute Tech Talk listener Monica), and are coming from service@intl.paypal.com, and employ a sneaky reverse-psychology twist…
They show you a hefty $799 USD payment request, and say, "If you don't recognize it, don't engage with this request", and give you a phone number to call. That number — the one in this email is a Provo, Utah number — will route your call to a call-centre in India, where a scammer posing as PayPal will offer to block the payment, but will need you to give them your PayPal account email address or user name, and password.
If you give them that info, they'll log into your PayPal account, change your password so you can't get in, and then start transferring money to themselves! NEVER call phone numbers in emails like this!
If you want to check payment requests, open the PayPal app, or go directly to PayPal.com.

21) Watch out for fake overdue Hydro Energy bill emails
The emails, with the subject Outstanding Hydro Energy Payment, are coming from @outlook.de accounts in Germany (.de) and look like the screenshots below from Ron Fraser…
The link they want you to click on (paristulipascde.nl) is a webpage in The Netherlands with a fake BC Hydro payment page. (It's since been shut down but will likely re-appear at a different address.)
It shows the $34 account owing and asks you to put in your credit card info to pay it to avoid having your power turned-off.
If you give them your credit card info, within minutes, the overseas scammers will begin racking-up fake charges on your credit card account! NEVER click on links in emails like this!
If you want to see the status of your BC Hydro account, go directly to BCHydro.com and log-in there.

22) Watch out for scam emails claiming to be from McAfee Security
The emails, which look like the screenshot below, are coming from an email address (@mail-gdkm.com) which we traced to Germany, and claim your info was stolen and found in a data breach…
If you hover your mouse over the "Renew Subscription" button on the actual email, or hold your finger on it on a phone or tablet, a pop-up will reveal that clicking or tapping on it would take you initially to a website at Fciflsbts-iad01.webex.com, which will automatically redirect you twice before ending-up at a fake McAfee page asking for your email address and credit card info for a charge of $99.99 CAD for a one-year licence for "unlimited devices".
If you give them your credit card info, they'll bill your card for that amount, and send you a download link for a fake version of McAfee which includes viruses, and will then also use your card info to rack up numerous other fake charges.
NEVER click on links in emails like this!
We don't recommend you use McAfee AntiVirus in any case, because it's just not very good, but if you did want to use it, either buy a licence key in a store, or go directly to McAfee's website (McAfee.com) and buy it there.

23) Watch out for scam emails offering a $500 Loblaws Gift Card
While we don't have any actual Loblaws supermarkets in Greater Victoria, Loblaws is also the parent company of Real Canadian Superstore and The Great Canadian Wholesale Club, which we do have.
The scam emails — which are coming from overseas — look like the screenshot below…
If you click the "Start Survey" button, it takes you to a fake Loblaws website at pms-popakademie.de — hosted in Germany. Once you answer four basic demographic questions, you'll be given a "chance" to win a $500 Loblaws Gift Card by clicking on one of nine gift boxes. Which ever one you pick, you will not win, but you'll be given second chance, and which ever other box you click, you will "win". You'll just have to give them your name, address, email address and credit card info to pay a $7 shipping fee.
If you give them that info, within minutes, the overseas scammers will begin racking-up charges on your credit card until your account is frozen or maxxed-out. Your credit card will have to be cancelled and replaced.
But, even if you don't give them your credit card info, by merely clicking on the "Start Survey" button and being taken to the website, the scammers will get your email address and know they got you to do that, and they'll then bombard your in-box with a raft of other scams in the ciming days and weeks.
NEVER click on links in emails like this!
If you have a Microsoft account email address and are using the new Outlook Mail app, you can click on the "Report" button at the top of the page to report the scam email to Microsoft Security, and also block and delete it.

24) Watch out for (sloppy) fake Prime account reactivation emails
A new round of fake Amazon Prime subscription recativation emails is being pushed-out, and these ones aren't very good, with poor quality graphics and an obvious spelling mistake, as shown in the screenshot below…
The emails are coming from gibberish addresses in The Netherlands (,nl) and come with a subject header which contains Latin and other symbols designed to evade scam filters…
The "Verify My Account" button takes you to a fake Amazon account log-in page, also hosted in The Netherlands.
If you type in your Amazon account email and password, the hackers will be able to order things on your account and have them shipped as gifts to other addresses, unless you have 2FA — two-factor authentication — turned-on, which we recommend you do an any website or app that involves money.
The hackers will also try your email address and password on other websites to see if you used the same info there. NEVER click on links in emails like this!

25a) Watch out for unusual Goverment of Canada parking ticket scam texts
The scam texts, as shown in the screenshot, appear to come from a 226 area code number, and include Government of Canada logos.
The text warns that your parking ticket remains unpaid, and that if you don't pay it, your licence could be suspended, and your vehicle registration renewal will be blocked. It encourages you to click on a link, which if you do, takes you to a real-looking (but fake) Govertnent of Canada web portal hosted at ticket-unresolved-transports.com hosted on a server overseas…
Tapping on your province, itakes you to a real-looking page and asks you to fill in your licence plate info to get your ticket…
No matter what plate info you put in, you'll be told you owe $59 (notice the $ at the end in the screenshot) and they'll ask for your credit card info…
If you give them your credit card info, within minutes, overseas scammers will be using it to buy as much merchandise online as they can before your credit card company detects the scam and suspends your card. NEVER click on links in texts like this, and NEVER give credit card info online unless you know and trust the online merchant!

25b) Watch out for scam texts that claim you have unpaid parking ticket(s)
The scam texts look like this screenshot, shared by astute Tech Talk listener Coralee…
25c) Watch out for scam texts that claim your vehicle was caught speeding by an automated speed camera
The text (see screenshot) urges you to click on a link to pay your fine without having to go to court.
The links in both of these scams take you to overseas websites (paybc-online.com and ticket-pay2024.com are just a couple of the ones we've seen) that look like the real "PayBC Online" web-page, where you're instructed to provide your name, address, and credit card or bank account info…
…but the websites are fake. The real PayBC website looks like this…
If you give the scammers your card info, within minutes, they'll rack up scam charges on your credit card or drain your bank account. If you think we're exaggerating, North Vancouver RCMP posted this…
If you want to pay a ticket or fine online, go to Pay.gov.bc.ca.
NEVER click on a link in a text or email about a fine or ticket.
26) Watch out for scam Facebook posts about Canadian Tire and other chains selling-off "leftover" kettles and other popular small home appliances
The posts (see screenshot) claim a chain like Candian Tire is clearing-out "leftover" popular items like a Smeg kettle for $3 to celebrate an anniversary.
The posts include a TV news logo — in this case CTV News — and (fake) comments to try to make it look legit.
Tapping on the post takes you to a webpage like the one screenshotted here.
Follow the prompts and you'll be asked to provide your credit card info to pay the $3 — but if you do, within minutes, scammers will be using your card info to buy stuff on your account, and your bank will have to cancel your card and send you a new one.
"Tech Talk" listener Cair did this and her bank blocked the transaction and texted her a fraud alert. When she called the credit card people, they confirmed it was a scam, cancelled her card and are sending her a replacement. She'll now have to give the new card info to all the utilities and other firms where she has auto-payments set up. If an offer seems to good to be true — especially if it uses news logos to make it sound legit, it's a scam. Thanks, Cair, for sharing this!

27a) Package delivery problem email? It's a scam.
If your email in-box is being flooded with emails about problems delivering a package to you, you're not alone. But most importantly, like the one below, they're all scams.…
It's a hard concept to get people — especially us trusting Canadians — to accept, but it's true: any email claiming to be from a courier company about a problem delivering a package, is a scam.
Among the telltale signs: 1) they're not addressed to you by name, 2) they don't say who the package is from, 3) they don't say what the package is, 4) they don't include a phone number to call, 5) the tracking number doesn't match anything you have, 6) and the email address it's from will not be from the courier firm. In the screenshotted example above, you can see (yellow arrow) that it was sent from @aginsurance.be — that's in Belgium!
They all include a button for you to click or tap, but, if you hover your mouse over the button on a computer, or hold your finger on the button on a touchscreen device, you'll get a pop-up that shows where clicking or tapping it will take you — and you'll see it's invariably an overseas website which will have a fake landing page for the courier company being impersonated. In the example above, it's a webpage (blue arrow, above) hosted on a server in (.fr) France.
The usual scam is to ask you to type in the correct address, and then your credit card info to pay a small fuel surcharge or a processing fee. If you do that, the scammers will immediately start using your credit card info to buy things which they can sell for cash. NEVER click on links in emails like this!
Even just clicking on the link is problematic, because the gibberish after the first part of the web address is computer code which tells the scammers which email recipient clicked on the button. They then know that your email address is valid, and that you're at least a bit gullible, and as a result, your inbox will be flooded with a raft of other scam emails in the days and weeks ahead.

27b) Watch out for scam "damaged package" texts
Watch out for texts like the one screendhotted here, supposedly from the US Postal Service, advising that a package was damaged in transit and that your address was lost.
They ask you to click on a link, or to reply with Y and they'll send one.
The link takes you to a fake USPS webpage hosted in Singapore, where they ask you to fill out your name, address, email and phone number to schedule delivery.
If you submit that, it takes you to a page wanting your credit card info for a 30-cent processing fee, as shown on the right…
If you give them your credit card info, within minutes, the overseas scammers will be using that info (together with the other address info you earlier gave them) to buy expensive items on your account, and your bank will have to cancel your card and send you a new one. NEVER click on links in texts or emails like this!

28) If you're getting dozens of iPhone or iPad password reset notifications, hackers are trying to get into your account.
iPhone and iPad users are the target of a new wave of phishing attacks called "MFA Bombing" that relies on user impatience, and a bug in Apple's password reset mechanism.
Victims are inundated by "Reset Password" notifications, including the text "Use this iPhone to reset your Apple ID password," and the options to allow or reject the request. This notification is genuine. It's displayed once to the user when they attempt to reset their Apple ID password, as a form of multi-factor authentication on an iPhone, Mac, iPad, or Apple Watch.
The problem with the attack is that the attacker is bombarding the target with so many notifications. They're hoping you'll either accidentally select Allow instead of Don't Allow, or will be annoyed by the deluge of notifications that you'll select Allow in order to make it stop. Don't do that! Selecting Allow would let the attacker reset your Apple ID password, granting them access to your account, and locking you out.
It's hoped that Apple will make a system change to limit the number of Reset Password notifications that can be sent within a set period of time.

29) If you're a Freedom Mobile customer, watch out for scam texts offering compensation for a bill overcharge.
The scam texts, like the one shown on the left, instruct you to click on a link to get your money via Interac transfer.
The link, freedom0mobile.com (note the deliberate typo), takes you to a "Verify you're a human" page and if you click on "I'm not a robot", it'll ask you to tap on all the images of a particular object.
If you do that, it'll take you to a fake Interac page listing all the main Canadian banks and credit unions, as shown on the left. Tap on one and it'll take you to a fake log-in page for that bank or credit union, shown on the right.
If you type in your card number and password, the scammers get immediate access to your bank account.
NEVER click on links in texts like this!

30) Watch out for scam emails supposedly from Outlook warning that your device is at risk
Watch out for scam emails like the one on the left, claiming that your device is at high risk of being infected with viruses.
The emails are coming from overseas accounts (this one was from an address @iwbza.com) and have lots of bold red words and symbols.
If you hover your mouse over the "How to remove virus" or "Security Check" buttons, or hold your finger on either of those buttons on a phone or tablet, you'll get a pop-up showing that they'll take you to a web-page at semimaration.ro — that's in Romania.
Those links go to a fake Microsoft sign-in page, where scammers are hoping you'll type in your email address and Microsoft account password, so they can immediately begin stealing your identity and money.
NEVER click on links in emails or texts like this!

31) Watch out for scam Facebook texts, advising that your account is to be permanently deleted because of a trademark violation.
A screenshot of one of these scam texts is on the left.
Note the link they want you to click on to request a review of their "decision" (yellow arrow)…it'll take you to a fake Facebook log-in page hosted on a website in Brazil (.br red circle).
If you put in your Facenbook password, the scammers will send you a message advising that you are going to be sent a security code to confirm your identity, and to type that code in the reply to them.
If you do that, you will be giving the scammers what they need to change your password and take over your Facebook account and lock you out!
NEVER click on links in texts or emails like this.
If you think a message like this is real — it never is — you could go to your Account Status within your Facebook app and look for any Notifications there.

32) Watch out for scam emails that appear to be a PayPal receipt for an item or service which you did not purchase.
The screenshot on the left, submitted by astute Tech Talk listener Peter, claims to be a receipt for a printer for $247, and encourages you to call a toll-free number if you did not make this purchase.
If you call that number (which connects to a call-centre in India), scammers posing as PayPal will offer to refund you the purchase, and will try to talk you into logging into your credit card or bank account online, and sharing the screen with them. They will then make it look like they vastly over-refunded you and will pressure you into transferring them the difference.
NEVER call phone numbers in emails like this.
If you think the receipt mightr be real, open your PayPal app or log into PayPal.com and check your transactions therre, and you'll see there's no sign of this fake one.

33) Watch out for scam texts that appear to be from Fido, offering you a $50 credit as a "thank you", as shown in these screenshots…
The texts are coming from a (since-shut-down) Ontario number, but will likely resume being sent from a different number. In the screenshots above, which Charles Martin sent us, the text includes a link (red arrow) to a fake Fido webpage at secure-fidosolutions.com, which we traced to Algeria.
If you click on the "Interac e-Transfer" banner, it takes you to a fake Interac web-page hosted on the same website, and if you click or tap on your bank or credit union, it'll take you to a fake log-in page for them. If you put in your account number and password, the scammers will proceed to empty your account. NEVER click on a link in a text like this!
If Fido, or some other company, was actually giving you a $50 "thank you" credit (not likely!), it'd show up on your bill…you wouldn't have to do anything to get it.

34) Fake Tangerine Bank texts
Watch out for scam texts that look like they're from Tangerine Bank, like the one shown on the left, submitted by astute Tech Talk listener Wendy.
The text says transactions may not be authorized until you validate your recent account activity, and it urges you to click on a link (with misspelled "assistance") which takes you to a fake Tangerine Bank log-in page, which we traced to Spain.
If you were to type in your Tangerine log-in info, you'd be giving hackers access to your account.
NEVER click on links in texts or emails like this!
If you wanted to check if it was real, you could use the Tangerine app, or go directly to their website, and check your account status there.

35) Watch out for scam "Unusual Activity On Your Account" emails
There's been a resurgence in scam emails claiming to be from Microsoft, warning you of unusual activity on your account, namely a log-in from Russia, as shown in the screenshot below…
What's unusual about the emails is that you can't see the email account they were sent from.
If you hover your mouse over the "Report The User" button. or if you hold your finger on it on a mobile device, you'll see that clicking or tapping on it will trigger an email from you to info@secaccinfoaccesses.com with the subject Report This User. The scammers at that address will then immediately send you a personalized email back, posing as Microsoft, and urging you to click on a special link to secure your account, which takes you to a fake Microsoft account log-in page. They're hoping you'll give them your account password. They'll then send you a second email advising that you'll get a code from Microsoft to secure your account and asking you to send them that code. If you do, you'll have given them the code they need to change your password and lock you out of your account.
NEVER click on links in emails or texts like this! If you think your account might actually have been accessed, go directly to your account at Account.Microsoft.com and check there for unsuual activity. If you have an Apple device, you can go directly to your account at AppleID.Apple.com. If you have a Google account, go directly to Accounts.Google.com.

36) Watch out for scam package delivery emails
Because so many of us are expecting packages these days, scammers are busy pumping-out emails advising of problems trying to deliever a package, like the one below…
The above email is from an email address (@sizeer.com) highlighted in yellow above which I traced to Poland. The scammers even used Photoshop to replace the UPS logo with IPS, although they failed to change the logo on the semi-trailer!
Scam emails like this have several things in common: they never mention your name, they never say what the delivery address was, they never say who the sender is, or what the package is.
The "Check Here" box takes you to a fake UPS webpage where they'll offer to try again to deliver your package — provided you pay a small fuel surcharge. But if you give them your credit card info, they'll rack-up fake charges and max-out your credit within hours.
NEVER click on links in emails like this! If you're waiting for a package, only use the tracking number provided by the sender.

37) Watch out for scam emails that look like they're from Norton.
The scam Norton emails are currently coming mostly in one of two styles. One is a receipt for an expensive subscription to Norton AntiVirus which you did not buy, which looks like this…
…if you call the toll-free number, you'll be connected to someone at a scam call-centre in India, and they'll "offer" to reverse the charge, but will want you to let them share your screen to make sure it goes through. If you let them do that, they'll make it appear you got a refund 10x the amount, and then pressure you to send them the difference. They'll often also try to secretly transfer money out of your account to themselves.
The second type of Norton email scam is a bright-coloured email warning you that your computer is badly infected because your Norton Security subscription has lapsed. It looks like this…
If you click the RENEW SUBSCRIPTION button, you'll be taken to a fake Norton screen hosted on a website in France (.fr), where they'll offer you a renewal at a rediculously low price — provided you give them your credit card info. If you do, the scammers will max out your credit within an hour!
Two important lessons: one, NEVER call a number in an email invoice or receipt for something you didn't order, and two, NEVER click on buttons in emails (or texts) warning you that something bad will happen if you don't take action immediately.

38) Watch out for fake "An email address was just added to your Facebook account" emails
The emails (see screenshots shared by Kyle) look like ones which Facebook would send you, if a new email address or phone number is added to your account.
But the sender is wrong: "Facebook-Alert", if you tap on it, shows as actually being from an email address that is not Facebook — in this case, from an account at minimogul.com, which is a website hosted in Tampa. FL…
They want you to click on the blue-&-white "This was not me" button.
If you do, it generates an email from your address to the scammers at an address that sort-of looks like Facebook. If you send that email, within seconds, you'll get a personalized email back that appears to be from Facebook, thanking you for reporting the 'scam' and advising that your Facebook account is being locked for your security, and that they'll email you a code in a separate email so you can change your password, and asking that you email them back with that code. Seconds later, you'll get an authentic email from Facebook, with a Password reset code
If you email that code to the scammers pretending to be Facebook Security, they'll immediately use that code to change your password, locking you out of your Facebook account. They'll then use your FB account to try to scam your all your friends — and you'll be virtually powerless to stop them.
NEVER click on links in emails like this. If you think an email like this might be real, open your Faceook app or log into to Facebook.com, and click on your Account> Settings and Privacy> Settings> Password and Security> Personal Details, and see if under Contact Info a new email address or phone # that is not yours has been added. In almost every case, it has not — the email was a scam.

39) Watch out for scam Facebook accounts claiming to be BC Transit, offering online top-up of Umo Transit cards
Umo is the transit app being used by BC Transit here in Greater Victoria, in the Cowichan valley, and in more and more other parts of BC. You can also get a physical Umo card and reload it at convenience stores where you get the card. But scammers are creating fake Umo Facebook pages with links to scam online sale and top-up websites…
The scam Facebook accounts look like this…
If you use (or want to use) the Umo transit app, you can add your credit card into the app for reloading your account. If you don't want to do that, or if you want to use a physical Umo card, you have to reload it at a convenience store that distributes the cards. You cannot reload it via social media. Any post or text that claims you can, is a scam.

40) Watch out for a scam letter mailed to you via Canada Post claiming you're entitled to millions in a life insurance inheritance
The scam letter (which is mailed in an envelope to your home address from an Ottawa postmark) looks like this scan shared by our friend Ron Fraser…
The letter urges you to email the writer, who claims to be in England, and explains that the letter has a Canadian postmark because he supposedly mailed it to you while he was in Canada for meetings.
If you email the sender, he'll email you back and offer to guide you through the process to claim the multi-million-dollar "inheritance". He'll email you all sorts of official-looking documents to supposedly confirm that you're entitled to the inheritance, and will ask you to email him pictures of your photo ID to confirm you're the benificiary.
The catch is, you'll have to wire him a substantial sum of money — usually several thousand dollars — by Western Union to cover the costs. If you do, you'll never see your money again, and you'll never hear from him again. NEVER correspond with people who send letters like this.

41) watch out for a new Shaw email scam
The emails claim (as shown in this screenshot) that due to security upgrades, Shaw email users will not be able to access their emails if they do not click a button to confirm their account…
The emails are coming from addresses @vnr1.com (highlighted in yellow), which is a Texas-based web service provider, and are addressed to "Dear Esteemed User".
The "Confirm Now" button they want you to click on or tap takes you to a fake Shaw webpage hosted on Google Docs… (https://docs.google.com/presentation/d/e/2PACX-1vQgYG2NUjaO
…and the "Upgrade Now" button they want you to click-on or tap, takes you to a fake Shaw Webmail logiin page hosted on Weebly.com…
If you provide an @shaw.ca email address and password and click/tap on "Sign In", you're giving ovderseas hackers direct access to all your emails. They'll almost immediately start forwarding a copy to themselves, and then start triggering password reset codes for your bank accounts and other accounts so they can steal your money and identity. NEVER click on links in emails or texts like this!
42) If you get an email or a text about a package delivery problem, it's almost certainly a scam…
Here's one shared by astute "Tech Talk" listener Gordon…
The email is from an address in Brazil (.br), and the "Reschedule delivery" button takes you to a fake website (also hosted in Brazil) for EVRI, which is a British-based international courier company (they used to be known as 'Hermes UK').
They'll ask you for a €1.5 "redelivery fee", and if you give them your credit card info to pay that, within minutes, your card account will be maxed-out with scam charges.
NEVER click on links in emails or texts like this!
If you ordered something from the UK, and want to know when it'll arrive, check the tracking link supplied by the online merchant.
43) If you're a Freedom Mobile customer, watch out for scam texts offering compensation for a bill overcharge.
The scam texts, like the one shown on the left, instruct you to click on a link to get your money via Interac transfer.
The link, freedom0mobile.com (note the deliberate typo), takes you to a "Verify you're a human" page and if you click on "I'm not a robot", it'll ask you to tap on all the images of a particular object.
If you do that, it'll take you to a fake Interac page listing all the main Canadian banks and credit unions, as shown on the left. Tap on one and it'll take you to a fake log-in page for that bank or credit union, shown on the right.
If you type in your card number and password, the scammers get immediate access to your bank account.
NEVER click on links in texts like this!

44) Watch out for scam emails that look like they're from Norton.
The scam Norton emails are currently coming mostly in one of two styles. One is a receipt for an expensive subscription to Norton AntiVirus which you did not buy, which looks like this…
…if you call the toll-free number, you'll be connected to someone at a scam call-centre in India, and they'll "offer" to reverse the charge, but will want you to let them share your screen to make sure it goes through. If you let them do that, they'll make it appear you got a refund 10x the amount, and then pressure you to send them the difference. They'll often also try to secretly transfer money out of your account to themselves.
The second type of Norton email scam is a bright-coloured email warning you that your computer is badly infected because your Norton Security subscription has lapsed. It looks like this…
If you click the RENEW SUBSCRIPTION button, you'll be taken to a fake Norton screen hosted on a website in France (.fr), where they'll offer you a renewal at a rediculously low price — provided you give them your credit card info. If you do, the scammers will max out your credit within an hou! Two important lessons: one, NEVER call a number in an email invoice or receipt for something you didn't order, and two, NEVER click on buttons in emails (or texts) warning you that something bad will happen if you don't take action immediately.
45) Watch out for scam emails that look like they're from Facebook
The emails advise that someone tried to log into your Facebook account from a new device, as shown in the screenshot below…
…the scam Facebook are being sent from overseas with no email address visible. The message encourages you to click on either a "Yes this was me" button or a "No, report user" button. But, as you can see from the arrows above, those buttons trigger an email from you to the scammers at an account @secaccinfoaccessesp.com with a different subject line. If you do that, they'll immediately send you back a personalized email with a link to a fake Facebook log-in page, and advising that you'll be emailed a security code to confirm its you, and to email that code back to them. In fact, that code from Facebook will be an authorization to change your password, and if you email that code to the scammers, they'll change the password and lock you out of your Facebook account and then they'll send scam messages to all your Facebook friends, posing as you,. NEVER click on buttons in emails or texts like this! If you want to check the status of your Facebook account, use the Facebook app or go directly to Facebook.com and go into your account security settings.
46) Watch out for scam texts claiming one of your accounts has been placed on hold because of a problem, as shown in the screenshots submitted by Charles Martin…
…the link in the text takes you to a fake identity-stealing Netflix log-in page at confirmprofile.info.
NEVER click on links in texts or emails like this!
If you were concerned that there might be a problem with your Netflix account, you could open the Netflix app on any of your devices, or go to Netflix.com and sign into your account.
47) Be very suspicious if you get a text that appears to be from a service which you use, alerting you to a supposedly suspicious attempt to sign into your account, like the one below…
…if you send the sender the six-digit code from a separate text message, you're giving the hackers access to your account -- and they'll immediately change the password and lock you out, and then use your account to rack up charges or to pose as you to contact your friends and try to scam them.
NEVER send a reset code to anyone.
It's common to be asked to enter a code on a website or app if you've forgotten your password, but no-one legitimate will ever ask you to text or email them a code they sent you.
48) Be on the watch for fake "your Netflix subscription is about to expire" emails
The emails, as shown in these screenshots, have the subject "Netflix Payment Deadline Approaching", and advise that your payment info is out-of-date and urge you to update your profile to avoid your subscription being suspended.
But, if you check the sender, which is listed as "Reminder" (by tapping or clicking on that name), you'll see that the email is coming from a long address that ends in .fr — which is in France.
…and if you hold your finger on the "Update Profile" button they want you to tap on, you'll see that it'll take you to a webpage also in France, where you'll find a fake Netflix log-in page…
The scammers are hoping for three things from you:
1) that you'll give them your Netflix password so they can sell access to your account to others.
2) that you use that same email address and password combo in other places, so they can steal your identity and money.
3) no matter what email and password you give them, you'll be taken to a (fake) Netflix account payment info update page, where they're hoping you'll give them your credit card info so they can start buying things on your account. NEVER click on links in emails or texts like this!
If you've received a new credit card, you can go to your Account info in the Netflix app, or go directly to Netflix.com and update your card info there.
49) Watch out for fake "Rogers "your service will be suspended soon" texts
The texts are coming from 647 area code numbers, as shown in the screenshot, and claim your service will be suspended soon unless you click on a link to complete two-step identity verification.
The link looks plausible, but it's a scam.
The website — which has since been taken down — was registered in L-A earlier this week, but the scammers will likely switch to a new site.
The scam website contained a fake Rogers 2FA set-up page where the scammers were hoping you'd give them info they'd need to try to take over your phone number.
NEVER click on links in texts or emails like this!
Texts from Rogers (or any other carrier) will never come from a 10-digit number…they'll always come from a 'short code' number like 611 or a five-digit computer number. And they;ll always tell you to log into your account on their app or website, without giving you a link.
50) Watch out for scam iPhone messages that claim your iPhone has been damaged by viruses…
The message (as shown in the first screenshot below) claims to be from Apple Security and says your iPhone has been 'severly' (sic) damaged by 16 viruses from recent visits to adult websites and urges you to install a free app to fix the problem and speed up your iPhone.
Your iPhone has NOT been damaged or infected. It's scam. You were simply tricked into clicking on a link that took you to a scam web-page — in this case, TrustAccessPro.com (look at the top of the first screenshot). If you were to click on the "Repair Now" button, it'd take you to the Apple App Store and a free app called Trust-Access as shown in the second screenshot…
What's the scam? Trust-Access (which has only been reated by one person, presumably the scammer who made it), is a useless free app, but it comes with a free three-day trial which then charges you $19.95 a month unless you cancel it! The scammers are gambling that if you do cancel it, it'll be after they got their first $20 out of you.
They avoid getting caught because they delete the app from the app store almost weekly (before anyone can post a review that it's a scam), and replace it with one with a different name. And because apps like these are not harmful to your iPhone, it's hard for Apple to detect that they're being used for subscription scamming. NEVER install apps on the basis of a pop-up screen like this one!
You can make the message go away by simply closing your web-browser or re-starting your iPhone.
And if you do install a subscription app and don't realize that till after your free trial is over, contact Apple and they'll almost always refund your first subscription fee. Here's how…

Apple Support

Request a refund for apps or content that you bought from Apple - Apple Support

Some purchases from the App Store, iTunes Store, Apple Books, or other Apple services might be eligible for a refund. You can use any device with a web browser to request a refund.

51) Watch out for fake emails from Costco or Rogers or Walmart about a free iPhone 16 Pro or iPad Pro
The emails look similar, but with different logos, as shown in these screenshots…
The emails are coming from overseas addresses such as @cs.apple.com or @sky-robotics.com, and they encourage you to click or tap on a "CONFIRM NOW! button. If you do, you'll be taken to a fake website for the provider in question, where you'll be asked to answer three demographic questions.
You'll next be taken to a webpage with a bunch of prize boxes and asked to choose one. No matter which box you choose, you will not 'win'…but you'll be given 'a second chance', and no matter which one of the remaining boxes you pick, you will 'win'.
You'll then be asked to choose the colour if the iPhone or iPad which you've 'won', and then to give them your contact info and the address where you want it delivered. If you do that, they'll then ask for your credit card info to pay for a niminal delivery fee — usually just a few dollars.
If you give them that, within minutes, overseas scammers will be using that info to buy items online which they can sell for cash, and your card will be maxed-out and have to be cancelled.
NEVER click on buttons in emails like this!
52) Watch out for fake "your Apple ID was used to sign in to a new browser" emails
The emails, as shown in the screenshot below, are comingh from China (see address highlighted in yellow) and are designed to scare you into thinking your account has been hacked…
To scare you, the email claims your account was accessed by someone in a foreign country using a different operating system (in this case, someone in Iraq using the Opera web-browser).
If you tap or click on the "Log in to Apple ID" button, it'll take you to a fake Apple ID log-in page (hosted in Hong Kong), where the scammers are hoping you'll give them your Apple ID and password.
The scammers know that they can't get into your Apple ID account without a code they'll send to your devices, but that's not what they're trying to do. They're hoping that you use the same email address and password for other accounts, like your email, social media apps, or your bank, so they can get into those and steal your identity and money.
NEVER click on links in emails like this!
53) If you get a call from your phone carrier saying they're mailing you a new phone, you're probably about to be scammed.
This is a clever scam that's going on in Ontario, but is likely going to occur elsewhere here in Canada.
It begins when you get a call from someone claiming to be from your current phone carrier, who says they'd like you to try out a new phone, and that they'll ship it to you, and you can return it at no cost if you don't like it, or keep it at a really good price if you do like it.
A few days later, the phone arrives, but because the paperwork shows it'll cost you full price, you use the prepaid return label that came withy the phone to send it back for a full refund.
Here's the scam — the return label sends it to the scammer who ordered it on your behalf. When your carrier doesn't get it back, they charge the full price to your account.
If you get a call from your carrier saying they're shipping you a phone, hang up and call your carrier directly and see if a phone has been ordered under your name — and cancel it if one is coming.
If you've already received a phone (or any other item) in the mail which you didn't order, check with the seller before returning it, as the return address is likely that of a scammer.
54) Watch out for a new round of scam US Customs texts about a package they've been unable to deliver to you
The scam texts, as shown in the screenshot, are coming not from a phone number, but from a Gmail address which has been registered as an Apple ID.
The text claims that US Customs is holding a US Postal Service package for you because it has an invalid Zip Code (which is only used in the USA) and urges you to click on a link so you can give them the correct address to deliver it to.
The link — usps.com/trackka.top.us — takes you to a fake US Postal Service website hosted on a server in Lithuania, complete with a real "click on all the squares with a bridge" test to prove you're not a robot. It then takes you through a series of screens where you're asked to supply your address and contact info, and then to a screen asking for you to pay a $2 'rescheduling fee'.
The next screen asks for your credit card info to pay that fee. If you give it to them, within minutes, overseas scammers will be using your card info to make scam purchases on your account.
NEVER click on links in emails like this!
If you've ordered something that's being mailed to you, use the link supplied by the online merchant to track your package.
55) If you get a voicemail about your credit card being blocked because of a suspicious transaction, don't call the number!
Because most people know not to answer calls from numbers they don't recognize, some scammers will actually leave you a voicemail like the one shown in the screenshot.
They claim to be calling from your credit card company and say your credit card has been blocked because of a suspicious transaction, and want you to call them at their toll-free number to get your card reactivated.
Don't call — it's a scam!
If you call, they'll pretend to be a security agent with your credit card company, and will ask you to pull out your card to confirm it's hasn't been stolen or swapped, and to prove that, they'll ask you to give them the card number, expiry date, and the three numbers on the back.
If you do, they'll have all they need to start racking-up fake charges on your card!
If you think your card might have been compromised, or if you think the voicemail might be real, call the number on the back of your card — not the number sent by text, email, or voicemail.
56) Watch out for scam texts claiming to be from your bank, asking about a suspicious credit card purchase
The texts claim to be from your bank's fraud department (as shown in the screenshot from astute listener Ron).
It asks you to let them know whether or not you used your credit card to make a purchase at a specific store, and to reply Y or N.
The message sometimes includes the last four digits of your card number, which scammers buy off the black market.
If you reply to the text, you'll get an immediate reply back, advising that they've blocked the transaction and locked your card, with a link they want you to tap on to confirm your identity to unlock your card.
The link takes you to a fake log-in page for your bank, in this case, for RBC.
The scammers are wanting you to provide your card number and password, and are hoping you used that same password for other accounts such as your email, so thery can steal your identity as well as your money. NEVER respond to texts like this!
If you want, you can use the banking app on your phone, or the bank's website on your computer, to go into your account to see if rhere are any suspicious transactions.
57) Watch out for scam texts that appear to be from BMO
The texts include the BMO logo as shown in the screenshot, and claim to be a security alert about unauthorized transactions.
To make the text seem more authentic, the message refers to your card starting in 5510 29 — but in fact, all BMO client cards start with those digits!
The text is followed immediately by a second text with a link they want you to tap on…
If you tap on that link, it takes you to a CAPTCHA page where you have to tap on all the correct squares to prove you're not a computer…
If you do that, it next takes you to a fake BMO log-in page (hosted on a server in New Brunswick!), where the scammers are hoping you'll give them your BMO client card number, and password…
Even if you do give the scammers your card number and password, the scammers know that BMO won't give them access to your account without a second level of verification, for your ptrotection.
They're gambling, though, that you use the same password for other accounts like your email, so they can get into that and then trigger and intercept a password reset email and get access to your money and other accounts that way.
NEVER tap or click on texts or emails like this!