Skip to content

Spoofed emails becoming 'increasingly sophisticated': OPP

Fraudulent emails and fake websites are designed to look legitimate and often claim to be from financial institutions, government agencies or well-known businesses
fraud-adobestock_549135509
Stock image

NEWS RELEASE
ONTARIO PROVINCIAL POLICE
************************
During Fraud Prevention Month, the Ontario Provincial Police (OPP) is reminding Ontarians and businesses to stay informed and vigilant against evolving fraud threats. Cybercriminals use spoofed emails, fake websites and malware links, which are malicious links designed to install harmful software, to steal personal information, compromise business accounts and redirect payments. These tactics are becoming increasingly sophisticated, making fraud awareness and prevention critical.

Spoofed Emails and Fake Websites

Fraudulent emails and fake websites are designed to look legitimate and often claim to be from financial institutions, government agencies or well-known businesses. These messages may include copied logos, branding and professional formatting to appear authentic.

Fraudulent tactics include:

  • Slightly altered email addresses or domains (e.g. "opp.com" instead of "opp.ca")
  • Lookalike characters (e.g. replacing the lowercase letter "a" with the Cyrillic letter "α")
  • Urgent or unexpected requests for payment or sensitive information

Ransomware Attacks

Ransomware is a type of malware that encrypts files or locks systems, allowing the sender to demand payment to restore access. These attacks often begin with phishing or spear phishing emails, which use deceptive messages and infected attachments or links to steal information or gain unauthorized access. Once activated, the malware spreads through the system and may remain undetected before locking critical files.

Ransomware can also be introduced through:

  • Visiting unsafe or compromised websites
  • Plugging in infected USB drives or external devices
  • Exposing systems to the internet without proper security measures

How to Protect Yourself from Smishing Scams (SMS Phishing):

  • Do not click on links, reply to messages or call numbers from unknown senders.
  • Report suspicious texts by forwarding them to 7726 (SPAM).
  • Delete all suspicious messages immediately.
  • Keep your smartphone secure by updating your operating system and security software.
  • Use multi-factor authentication for banking, social media and other sensitive accounts.
  • Verify any unexpected text messages by checking official websites or contacting organizations directly.
  • If you are a victim of smishing frauds, ensure to review the CAFC guide on What to do if you're a victim of fraud.

For more information on fraud prevention, visit opp.ca and sfo.opp.ca.

If you suspect fraudulent activity or have been a victim of fraud, report it immediately to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501 or online via the Fraud Reporting System.

************************