It’s always good to be aware and vigilant of recent trends in fraud, as threat actors continue to evolve their fraudulent skills and attempts. Emerging trends involve threat actors targeting potential victims through social media or direct emails, disguised as trusted organizations or affiliates.
In a poor economy, recent scams have preyed on victims through offering professional and educational credentials or high paying jobs. Phishing also continues to be a popular ploy to seek personal information.
Professional accreditation and degree scams
Some threat actors use social media and messenger services to push fraudulent offerings of professional qualifications and degrees. They do so by exploiting algorithms and impersonating legitimate organizations, using official logos and creating social media accounts bearing some iteration of the institution’s name.
Recently, a threat actor posed as a business called “CPA Mastery Hub” and used the CPA Ontario logo. The scam reached victims via messenger services on social media channels bearing the CPA Canada name. CPA Mastery Hub falsely offered the CPA designation in exchange for $3,000. In these conversations, the threat actor insisted that the certification was authentic and that recipients could immediately begin practicing as a CPA. The threat actor’s messages always seemed urgent, pushing for immediate payment and offering a 5% discount if paid in cryptocurrency. In addition, the threat actor requested that recipients also share their login credentials for the My CPA Portal.
This example is similar to online degree scams, where threat actors offer streamlined degree options. Online degree scams use social media to target potential victims and pressure them to enroll. Even if these scams follow through with providing courses, nothing is accredited and the certifications are meaningless.
Consider the following to avoid these types of scams:
- Too good to be true: Earning a professional accreditation such as the CPA with minimal effort should be an immediate red flag. If something seems too easy, it is likely a scam.
- Urgency to commit: Threat actors often pressure potential victims to act fast and may use excuses such as claiming the offer is only available for a limited time.
- Unusual payment requests: Legitimate organizations will never ask for payments to be made by e-transfer, cryptocurrency, or gift cards.
- Request for log in information: Legitimate organizations will not ask for log in information. They will often have a one-time password verification process.
Job scams
The frequency of job scams is skyrocketing, exploiting people looking for work in a bad economy. Threat actors often impersonate well-known companies and post fake job opportunities on legitimate sites such as Indeed and LinkedIn. Other times, scammers may pose as recruiters and reach you via messenger services, including WhatsApp or text messaging. In some neighbourhoods, there have been fake job ads posted on lamp posts, usually in a foreign language to attract newcomers.
Threat actors will invite applicants to interview virtually and are usually quick to make offers. These job offers can seem convincing and may even be printed on official company letterhead. Once an offer is accepted, threat actors make their move to extort money from the “new employee”.
Threat actors may solicit personal details, including banking and social insurance information, or demand payment for supposed training, uniforms, or supplies. Another ploy involves sending counterfeit cheques with a concocted tale that seeks to convince you to cash it and return a part of the funds. Unfortunately, these fake cheques will leave you liable for the full amount.
Here are a few tips to help protect you from job scams:
- Do your research: If the job is with an established company, visit the company’s website and cross-reference the career opportunities page. Search the hiring manager and other HR team members on LinkedIn to ensure you’ve been communicating with the same people. If the job is with an unknown company such as a new business or start-up, thoroughly research the company and the founder.
- Read the job description closely: Poorly written or vague job descriptions should be a red flag.
- Too good to be true: Was the job interview too much of a breeze? Did you get hired despite lacking many of the qualifications? Is the pay unusually high? It can be tempting to get swept up in a lucrative situation, but you should evaluate whether things seem too good to be real.
- Never send money: You should never pay to start a job or deposit a cheque for an employer.
Related articles
Email Phishing
Email phishing is another popular ploy threat actors use to trick people into divulging their personal information. Typically, these threat actors will impersonate a legitimate organization and send you a fake message that contains a link to a phishing site or a place where they’ll seek your personal information.
Recently, a fraudulent email survey was sent to CPA Canada members and staff. The sender disguised the survey as coming from CPA Canada. CPA Canada quickly notified the public and staff that the email was a scam. The email address used for the scam was not affiliated with CPA Canada and the organization was quick to respond, reminding stakeholders to only engage in content from trusted sources.
Consider the following to avoid these types of scams:
- Check email addresses and URLs: Do not respond or click on links from suspicious sources. Always hover your mouse over links within emails to confirm the URL destinations.
- Communications from third parties: Sometimes an organization may send communications, such as a survey, through a third party. However, the organization will inform you ahead of time and provide you with details.
- Watch for impersonation: Threat actors are known to send emails and create websites and social media channels that impersonate legitimate organizations. Look for warning signs such as slight differences in the organization’s name, email address, or logo.
What to do if you suspect you’ve been a victim of fraud
- Contact your financial institutions
- Change your passwords
- Report the incident to local police & the Canadian Anti-Fraud Centre at 1-888-495-8501
Learn more about how threat actors are using social engineering to improve methods of psychological manipulation to gain the trust of individuals.
Anthony Green is manager, security operations and compliance at CPABC
