What scammers want from you — and how to stop them
As an award-winning cybersecurity expert and certified “ethical hacker," Terry Cutler is rarely caught off-guard by anything he finds online. But decades of experience spotting scams couldn't have prepared Cutler for an out-of-the-blue message from an unfamiliar woman with a curious question: “Are you the Terry Cutler that I've been chatting with online? The one I'm in love with?"
The answer was complicated. Although the woman had indeed fallen for a cybersecurity expert named “Terry Cutler," she had also fallen for a romance scam. It seems a Facebook fraudster had created a dating profile for “Terry Cutler" using information from his website and real photos of the Montreal-based Cutler with his son, swiped from his public Instagram account.
Yes, a scammer was audacious enough to steal the identity of a professional Internet sleuth — and unfortunately, it worked. By the time Cutler and the victim connected over Zoom to unravel the hoax, she had already drained her bank account and surrendered her life savings.
“She must have done at least 11 transfers," says Cutler, CEO of Cyology Labs and author of Insider Secrets to Internet Safety: Advice from a Professional Hacker. “The guy kept harassing her because he wanted more and more money."
Unfortunately, the victim is one of a growing number of regular people losing their hard-earned money to fraud, scams and hoaxes. According to the Canadian Anti-Fraud Centre, there were 57,055 victims of fraud in Canada in 2022, who collectively lost a staggering total of $531 million — up dramatically from the $379 million lost to fraud in 2021.
Read More:
Quick tips to protect yourself from scams
“Fraud is always changing," said Jeff Horncastle, acting client and communications outreach officer for the Canadian Anti-Fraud Centre. “That's why it's so important to stay up on current frauds that are out there. We all have to be aware of the tools and techniques the fraudsters are using."
In other words, to understand how these scams work, you need get inside the mind of the scammer. Just what are the bad guys hoping to get out of a poorly spelled spam email or unsolicited social-media DM? And how do any of them ever get caught?
Let's take a look at a few of the most commonly encountered scams.
Scam type 1: Robocall
By now, we're all familiar with the bad vibrations that come with picking up our buzzing phone only to hear a pitch for duct-cleaning, a recorded message in Mandarin, or total silence. The ringing has become so relentless that many of us don't answer our phones unless we recognize the number.
“These robocall scams are very, very popular and very difficult to stop," Cutler says.
How robocall scams work
Scammers often call claiming to represent a legit institution – for instance, the Canada Revenue Agency (CRA) or your credit card provider – perhaps flagging fraudulent activity on your account. Once they have you on the line, scammers might urge you to allow them remote access to your computer, trick you into giving up answers to your security questions, or hustle money out of you in a variety of ways.
Cutler says most of these scams originate at call centres overseas, where dozens of employees can swap victims around to reasonably mimic the feeling of being on hold with a large company. These scammers often operate alongside or even within legitimate call centres, Cutler says, making it near-impossible for law enforcement to stop them.
To make matters worse, fraudsters now have the technology to spoof the numbers of legitimate banks, stores and institutions.
What they want from you
Ultimately, these round-the-clock robocalls share a goal: to eventually get you on the phone with a human being who can trick you out of money, identifying information, or both.
What you should do
Experts advise to view any caller with caution, no matter how legitimate they might seem.
“You should never provide personal information on an incoming call," Horncastle advises. “If you get a call that is supposedly from a bank, government agency, or other service provider, you should advise them that you're going to call them back and then call a legitimate number that you're familiar with. Don't just call back that number on your call display."
Scam type 2: Phishing
It can sometimes feel like we're being flooded with suspicious emails — not all of which are caught by junk mail filters. It's a testament to how many malicious actors think there's money to be made by invading our inboxes.
How phishing scams work
Typically, scam emails and text messages will contain harmful links that will either infest your device with spyware or ransomware, or whisk you to websites designed to resemble those of legitimate institutions.
Given how easy it is for criminals to use virtual private networks (VPNs) and other tools to hide their tracks, it's again hard for law enforcement to trace any of these mass spam campaigns.
“It's difficult because the online service could be anywhere in the world," Cutler said. “It's very difficult to pinpoint where it's coming from."
What they want from you
Often, a fraudulent text or email again will claim to be from an important institution — say, the CRA, your bank, Amazon, or Facebook — with a link to a faithful facsimile of that organization's real website.
You'll be prompted to enter your login information and password, and as soon as you do, the scammer will have access to your accounts.
What you should do
Think carefully before you open a link in any message or email you receive. These spam scams can be much more sophisticated than the typo-strewn trash we typically associate with such emails or texts, so you should subject incoming messages to serious scrutiny before you click anything.
“It's also important to be aware that email address spoofing does exist," Horncastle says. “You need to be very careful to figure out where emails are really coming from."
Scam type 3: Buyer beware
When it comes to striking deals online, buyers and sellers alike are frequent targets of fraud.
How the scams work
On the buying side, shoppers have to navigate an ocean of knockoffs and counterfeit goods, while places like Kijiji and Facebook Marketplace are awash in ads for fake event tickets, vacation rentals, or pets for sale.
Sellers don't have it much easier. Often, good-faith sellers ship goods off only to have the buyer cancel their electronic transfers or pull some other kind of trick. Spoofed payments, scammers claiming account problems and overpayment are just a few of the other types of fraud that sellers have to contend with.
What they want from you
Money and, well, your stuff.
In all, merchandise scams amounted to $8.7 million in lost money in Canada in 2022 (another $868,000 was wasted on counterfeit goods), while vendor fraud was to blame for another $3.5 million in stolen money, according to the Canadian Anti-Fraud Centre.
What you should do
When striking deals with strangers, meet in a public place and avoid having anyone come to your house, Cutler says. If you're making a large purchase, stick with a reputable retailer. And remember, some deals are simply too good to be true.
“If you see a purse being sold for $100 that you know should cost $700, that should be a red flag to you that it isn't legit," Cutler says.
Scam type 4: Social media swindles
Though many of us have decades of experience identifying and ignoring phishy emails, we're sometimes less prepared for fraud being perpetrated on social media, where an authentic-looking profile might be enough to fool your average person into responding to an unsolicited WhatsApp or Facebook message.
And fraudsters are having a field day.
How the scams work
Social media is a perfect place for criminals to perpetrate investment scams — which are increasing every year “at a very alarming rate," Horncastle says. According to data from the Canadian Anti-Fraud Centre, investment scams totalled more than $308 million in lost money in Canada in 2022, far more than any other type of pitch — or romance scams, which are the next most-lucrative online cons around.
“If we're looking at dollar loss, romance scams are always near the top," Horncastle says.
In fact, romance scams were second in total dollar loss in Canada in 2022, with 1,056 victims losing a staggering $59 million, according to the Canadian Anti-Fraud Centre.
What they want from you
Once again, it's money — and social-media scammers aren't afraid to play the long game.
“In a lot of cases, scammers will communicate for months at a time with their victim," Horncastle said of romance scams.
“Down the road, they'll ask to borrow a bit of money — maybe their bank account was frozen or they lost their wallet. Once they get that first payment, they come up with more excuses, and it snowballs."
That's what happened with the woman, based in Portugal, who had a love connection with the scammer impersonating Cutler. Again and again during their months-long WhatsApp courtship, they would make plans to meet in person, and the fake Cutler would inevitably cancel. Each costly crisis — usually a work, car, or family emergency — would require large “loans" from the lovelorn victim.
In all, the woman Cutler was unwittingly wooing handed over more than 40,000 pounds — roughly $65,000.
“That was all her retirement money," Cutler says. “It was heartbreaking to see."
Cutler and the victim were able to work together to send the scammer an email with a tracked link that, when clicked, revealed the scammer's IP address. From there, they were eventually able to determine the scammer's location and hand the information over to local police. But they never were able to recoup her stolen savings.
What you should do
One trick Cutler recommends for sniffing out fake social profiles: drag the person's profile photo into a reverse Google image search. You should also scan their profile for overall activity level and to determine if they have a suspiciously high or low number of friends.
Beyond that, staying safe on social media means staying aware, informed, and cautious — no matter how tech-savvy you may be. Nowadays, experts caution that no one is immune to increasingly insidious scams.
“There's probably a belief among so many of us that we'll never be a victim — it's everyone else who's at risk. But that's just not the case anymore," Horncastle said.
“Education is the number one tool in fighting fraud. If you can keep yourself up-to-date and aware of the risks and scams that are out there, you have a much better chance at keeping you and your loved ones from becoming victims."
Learn what to look out for, and how to stay protected, at our Security Centre.