Search

Spear phishing

Scam medium:

  • Email and text
  • Phone and fax

Targeting:

  • Businesses
  • Individuals

On this page

Spear phishing scams involve scammers pretending to be from legitimate sources to convince businesses or individuals to send them money. These scams leverage existing relationships between the person receiving the email and the person sending it. The sender's address appears to be the actual email address of the source they're pretending to be, a tactic known as spoofing.

Business executive spoofs

Gift card variation

When targeting a business, a scammer sends an employee an email that appears to come from the owner, the president or another high-ranking employee. The email claims the boss is working offsite and needs help to buy gift cards for employee rewards or birthday gifts.

When targeting an individual, a scammer sends an email from a compromised and/or spoofed email account that appears to come from a known contact, such as a family member or friend. The email claims that the sender needs assistance to buy gift cards for birthday gifts or something else.

Wire transfer variation

In this variation, the email directs the employee to send an urgent, large wire transfer (e.g., more than $100,000) to a foreign account.

Financial industry client spoof

A scammer targets financial institutions, investment brokers and financial dealers with a spoofed email that appears to come from an existing client. The email directs the business to do an urgent wire transfer, usually to a foreign account.

Head office spoof

A scammer calls a franchise business and claims be from the head office. They tell the employee who answers the phone that there are problems with one of the financial products offered, such as gift cards or money transfer services. They ask the employee to select some prepaid cards, activate them, and provide them to the scammer. The scammer may also ask them to conduct a series of money transfers.

Payroll spoof

A scammer sends an email that appears to come from an existing employee. They request a change to the employee's direct deposit information. This tricks the company into depositing the employee's paycheque into a fraudulent account.

Supplier/contractor swindle

A scammer targets businesses that have an existing relationship with a supplier, wholesaler or contractors. They send a spoofed email informing the business of a change in payment details. The email provides new banking information. It requests that the business make future payments to this "new" account.

Landlord spoof

Fraud alert! As of March 15, 2023 the CAFC is seeing an increase in reports of this scam.

Fraudsters will spoof the name of a person's landlord. They'll send an email to tenants asking them to send your rent payment through e-transfer or another payment method that is different from your usual arrangement. They will give an excuse for why the normal payment won't work.

If you get an email like this, contact your landlord using the information you already have for them.

Examples of spear phishing messages

The following images are examples of spear phishing messages. Watch out for messages with unusual requests that claim to be from someone you work with. If you're unsure, look up the person's email or phone number in your work's directory and verify with them if they sent the message.

This is a screenshot of a fraudulent spear phishing email sent to an employee. The email says "I need you to make a purchase of 7 Visa gift cards at $200 face value each. Since we have it almost everywhere and can be used anywhere. You will get reimbursement alongside your surprise at the end of they day. I hope it will go a long way to appreciate and motivate everyone. How soon can you get this done?" The email is falsely signed by the President of the company.

This is a screenshot of a fraudulent spear phishing email sent to an employee. The email says "Hello, We just got off the phone with the bank and they confirmed that our bank account is currently on hold as a result of a bad check sent by another customer therefore no further payment can be deposited at this time, note that payment for sales orders will now be made by Wire transfer instead to our subsidiary company banking information. Please confirm receipt of this email so I could send you correct Wire transfer bank account information for your records?" The email is falsely signed by the Project Manager.

This is a screenshot of a fraudulent spear phishing email. The email claims to be from the landlord of a rental unit. The email has many spelling and grammar errors. It begins by addressing the tenant by name and says "Sorry to inform you that uncertain incident happen at our office today for that we would be closing early today. And also we wouldn't be opening for tomorrow Friday until Monday morning. A bogus cheque was deposited into our checking last week and I was just told by our accounting department that all payment should be paid via email money transfer. You send can your payment via e transfer today and you can drop off the rental document on Monday 29 when our office will be open." The rest of the email asks for you to confirm that this plan works for you and is fraudulently signed by your landlord.

This is a screenshot of a fraudulent spear phishing email. The email claims to be from the landlord of a rental unit. The email says (English translation) "Hello, We acknowledge receipt of your email and thank you. We would also like to inform you that as of February 1, 2023, the payment of your rent will have to be made by Interac transfer. To this end, we kindly ask you to make your transfer to our new Interac account whose email address is the following: fraudulent email address. Question: Blue Answer: Rules Thank you for sending us back the confirmation email of the transfer if possible. For any other request for information, do not hesitate to answer directly to this mail. Wishing you a good reception." The email is then fraudulently signed by your landlord.

Date modified: