Skip to main content

Phishing for your data.

Is it spam? Should you block that sender? These days, it seems like there’s a new phishing scam in your inbox or messaging app almost daily. Although some are easy to identify, fraudsters are getting smarter, and some messages might leave you feeling confused.

What’s phishing?

Phishing is an attempt by fraudsters to extract personal information from you by posing as a reliable source, such as a financial institution or a government agency (e.g. CRA) for their financial gain.

According to a September 2020 study by Statistics Canada, “just over 4 in 10 Canadians (42%) experienced at least one type of cyber security incident since the beginning of the pandemic, including phishing attacks, malware, fraud and hacked accounts.”

The fraudster may reach out to you by phone, text or email to bait you in, using messaging techniques to try to gain your trust.

Examples of phishing scams:


  • You receive a text message offering you a government rebate if you click the link contained in the message.

  • A payment confirmation email arrives in your inbox for a service you didn’t subscribe to. It also contains links and a request to respond with your personal information.

  • You’re a newcomer to Canada, and you receive an angry phone call from someone claiming to work for the government. They threaten to deport you if you don’t pay a fee.

  • You receive a random message from a stranger on social media asking you to invest in crypto currency.

Although phishing scams are always evolving, these are a few of the common ones:


 Spear phishing

The Government of Canada describes spear phishing as a “personalized attack that includes personal details about you, such as your interests, recent online activities, or purchases.” This is all in an effort to convince you to click a link to a fraudulent website that mimics one you know, so that you can enter personal information like your banking sign-in credentials.



A form of attack using SMS texts to collect sensitive information. These texts could include dangerous links or phone numbers that could compromise your device and personal information. If you receive a suspicious text, don’t respond. If you’re unsure, you can look up the organization or service provider referenced in the text online and obtain their contact information from their website.



If you’ve ever received an unexpected call claiming to be from “Canada Revenue Agency,” you’ve likely been vished. Vishing, which is short for “voice phishing,” involves enticing people to reveal personal information by phone. Some types of vishing include robocalling, which is a pre-recorded call featuring an automated voice requesting personal information, or caller ID spoofing which uses software to create the impression that a scammer is calling from a legitimate phone number.



What are the red flags?

A government agency would never request personal information by text, and the link is often a telltale sign that a fraudster may be interested in installing malware on your device.


What can you do to protect yourself against phishing attacks?

  • Don’t click on emails you sense could be suspicious and mark them as spam immediately

  • If you do click on a suspicious email, don’t click any of the links included

  • Don’t respond to suspicious text messages or click any of the links included

  • Block suspicious emails or phone numbers to prevent further attempts

  • Never share sensitive information by email, text or over your social messaging platforms

  • Block suspicious accounts that attempt to connect with you on social media

You can never be too careful when it comes to your personal information. Understanding how fraudsters work can help you better protect yourself against their schemes.

For more safety tips, check out this article on identity theft.

* If Quick Check pre-approves a card, you can be 100% sure we’ll approve your application as long as:

a. There’s been no change in your credit file information, personal information or financial status from the time you receive your Quick Check results to the time you apply for one of our credit cards;

b. You’re at least the age of majority in the province or territory you live in;

c. Your application isn’t flagged for fraud prevention;

d. You don’t have an existing Capital One account; and

e. You haven’t applied for a Capital One account in the last 30 days or had an account with us that was not in good standing in the last year. In good standing means not past due, over limit, fraudulent, restricted, or part of a consumer credit counselling program or bankruptcy.

In some cases, we may not be able to open an account for you even though your application was approved. This can happen if we’re unable to verify your identity, or you don’t provide the required security funds if you’re approved for a Secured Mastercard®.