|
Tactic or Trigger |
What it means |
|---|---|
| Your emotions |
A desire to help. Fear. Curiosity. Disappointment. Urgency. Hope. Attackers and marketers use these because they work. Watch for emotional trigger words like “Urgent”, “Congratulations”, “Act Now” - if you spot them, pause, take a deep breath, and then assess if it’s legitimate, spam, or scam before you interact. |
| Compromised accounts |
Attackers regularly trick people into handing over their passwords and 2FA credentials. They then use those to access the accounts, harvest emails, and/or email our community. People are much more likely to reply back to a message or email that comes from a legitimate email address, like one from @mcgill.ca. |
| Spoofing |
If it’s available online, it can be copied and used for phishing! Attackers can fake names, the McGill logos, or even recreate entire websites - to trick you into trusting them. |
| Behavioral analysis |
Just like marketers, attackers study what people will click on, their habits, and interests. They count on you interacting with their phishing attempt before you have a chance to think about the red flags. |
It's (almost always) a trap: Common Scams
By learning how to spot these scams, you’ll protect yourself and others by warning them if you hear them mention one.
Unfortunately, for each legitimate service or need, there are scammers who run their own fraudulent versions. If you are unsure whether something not listed on this page could be a scam, visit the Canadian Anti-Fraud Centre’s A-Z index of scams. Alternatively, an internet search will often reveal reports of the same or similar scams.
|
Common Scams |
Description or real-life examples |
|---|---|
| Fake websites |
Attackers create fake, authentic-looking websites to steal your login credentials and personal or financial information. They spoof Microsoft, Google job pages, or career sites for major corporations. They can even create fake e-shops, and more! |
| Gift card purchase scams |
Gift cards are popular with scammers because they’re incredibly hard to track. A popular tactic is sending a short email that spoofs someone you know, asking for “a favor” to buy gift cards for them. If anyone attempts to arrange payment for goods or services using gift cards, it’s likely a scam. Learn more. |
| Charities/fundraising scams | Whether it be a tragic event, someone’s real or alleged health issue, or anything that might trigger a desire to contribute, scammers will leverage it. Before donating, always check who you’re donating to. In addition to fake charities, scammers also use legitimate, popular fundraisers to steal your money. Learn more. |
| Job opportunities |
Attackers pose as recruiters on LinkedIn, social media, and even use compromised email accounts to send out job offers that sound too good to be true. Try and spot the red flags in this real example:
|
| Common Scams | Description or real-life examples |
|---|---|
| HR-related emails |
Benefits, employment policy changes, vacation allocation, bonuses, pay increase: emails with HR topics are effective hooks attackers use. Often, they’ll come with an attachment for you to download or you’ll be prompted to sign/login to a fake site. Example:
|
| Tax scams |
Scammers pose as representatives from government agencies and claim your SIN has been compromised, you owe taxes, or you're under investigation for a financial crime. They’ll threaten arrest, fines, or deportation if you don’t respond immediately and send payment through gift cards, Bitcoin, or money transfer services. |
| Benefit scams | You’ll usually spot these as posts or messages on social media, online ads, and occasionally emails. Whether spoofed or completely fake, they promise you money in some form — inheritance, bequests, government benefits, or grants are all common examples. |
| Purchase order scams |
Watch out for these:
|
|
Common Scams |
Description or real-life examples |
|---|---|
| Sign this document |
One of the most popular and successful phishing scams involves attackers using spoofed DocuSign, Adobe Sign, and other templates that usually look somewhat legitimate. Example:
|
| IT-related scary alerts that you need to act on as soon as possible (ASAP) |
McGill IT Services (and Microsoft) will never send out an email warning that something bad will happen if you don’t take immediate action. When in doubt, look for an announcement on the IT Services site. Example:
|
| Investment opportunities | Common scams include cryptocurrency schemes, fake business or franchise offers, guaranteed investments and multi-level marketing. These scams often promise unusually high returns but result in victims losing their money. Investment scams can also be combined with other types of fraud, such as romance scams. Learn more. |
| Posts on social media |
Social media is a scammer’s paradise. They make their own accounts – often stealing content from other people or compromise other accounts. Their goal: profit, however they can. You’ll find any scam mentioned here on social media, plus many more, including sextortion and romance scams. Tip: Avoid clicking links on social media, even from people you know, and avoid accepting friend requests from anyone you don’t know. |
|
Common Scams |
Description or real-life examples |
|---|---|
| Online marketplace ads |
Whether you’re a buyer or a seller, you can be the target of these scams. From services to purchase prices that seem like you’ve scored a deal, scammers use all sorts of tactics to take your money or your stuff. Learn more. Bonus scam to watch for: E-transfer fraud. |
| Scan this to pay |
QR codes: Convenient to scan and save you from typing – but attackers can generate their own to redirect you to malicious sites. These sites may be designed to steal your login credentials or trick you into making a payment, like for parking. And just like that – boom - they have your money and your credit card information. |
| Immigration scams | Common scams include cryptocurrency schemes, fake business or franchise offers, guaranteed investments and multi-level marketing. These scams often promise unusually high returns but result in victims losing their money. Investment scams can also be combined with other types of fraud, such as romance scams. Learn more. |
| Fake fraud alerts (credit cards, banking, other financial accounts) |
Scammers impersonate banks, law enforcement, companies, and credit agencies. They may use fake caller IDs, online information to seem credible. These scams often involve fake transactions, adding fraudulent payees, or convincing you to transfer or “recover” your money. If you get one of these calls: hang up, call your financial provider using the number on the back of your card, and never send money or share sensitive information. |
| Law enforcement / extortion scams |
Whether it’s a threat against you or a loved one, an accusation of illegal activity, or an urgent plea for money, extortion scams come in may forms. These range from mass email “your computer has been hacked” scams to “grandparent scams". |