Warning about Fraudulent Emails

The Supreme Court of Canada has become increasingly aware of fraudulent emails sent to members of the public promising the release of funds, or notices of judgements rendered against a person or organization. These emails are not legitimate, and are sent using the following techniques:

"Phishing": One of the most common types of cyber attack. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.

"Spoofing": The act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address. Spoofing is often used in conjunction with phishing in order to lend legitimacy to the fraud attempt.

We’ve outlined a few different types of phishing attacks to watch out for:

  • Phishing: In this type of attack, hackers impersonate a real Supreme Court of Canada official to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
  • Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to the Supreme Court of Canada in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
  • Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real Supreme Court of Canada executive. Sent from a fake domain that appears similar to ours, these messages look like normal emails from a high-level official of the Court (typically the Chief Justice of Canada or the Registrar), and ask you for sensitive information (including usernames, passwords or personal banking information).
  • Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.

What You Can Do

To avoid these phishing schemes, please observe the following practices:

  • Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
  • Do not provide sensitive personal information (like usernames, passwords or personal banking information) over email.
  • Watch for email senders that use suspicious or misleading domain names. In the past, emails have been sent to individuals using “spoofed” email domains.
  • Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
  • Do not try to open any shared document that you’re not expecting to receive.
  • Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source. 

Report any fraud to your local police and any fraud attempts to the Canadian Anti-Fraud Centre.