Below you can find tips and tricks for ensuring that you do not fall for a scam targeting your Wealthsimple account.
Technical support and impersonation scams
Fraudsters may impersonate client support lines and make outbound calls to victims. Here are some tips to help keep your account safe:
- Only contact Wealthsimple through our Help Center.
- Never give remote access to your devices.
- Never give out your digit 2FA (two-factor authentication) security codes or passwords.
- Never accept outbound calls asking for your confidential personal information.
- Never send funds or cryptocurrency to external sources or addresses on behalf of alleged support agents.
These scams are usually after personal login credentials that enable access to things like your bank or email accounts. Scammers may also try to access your banking information or crypto wallets by directing you to fake websites or emails requesting your credentials.
- Never give away your login credentials. Wealthsimple will never ask you to provide your login credentials.
- Never reveal your crypto private key or seed phrase. At Wealthsimple, you don't need to worry about managing your private key and seed phrase because Wealthsimple is a custodial wallet. We won't provide keys and never ask for private keys.
Tips for identifying phishing attempts
Check the sender’s email address
It is important to make sure that an email you are receiving is from a legitimate email address. To understand this, you can look at the different components of an email address: the prefix, subdomain, and root domain.
Let's use firstname.lastname@example.org as an example:
- "info" is the prefix
- "trade" is the subdomain
- "wealthsimple.com" is the root domain
Wealthsimple will only send communications to clients from the root domain wealthsimple.com. While the root domain is always the same, the prefixes and subdomains may vary.
Review the content of the email
It is also important to make sure that an email’s content is legitimate. Consider the following when reviewing the content of an email:
- Attackers may use stories that are too good to be true, garner sympathy, impersonate Wealthsimple or an employee, or issue direct threats to create urgency.
- There may be visual indicators that an email is illegitimate — for example, generic greetings, unprofessional communication, typos, strange formatting, etc. However, this may not always be the case. Attackers can sometimes send sophisticated, credible-looking emails, so don't solely rely on these indicators.
- The attacker might send unsolicited attachments. Never click, download, or open any attachments.
- Attackers will sometimes put malicious links in the phishing email. Do not click these links. Instead, hover your mouse over them to see if they're from our legitimate domain. A legitimate address will have wealthsimple.com as its root domain.
These are scams that advertise guaranteed high or fast returns with no risks. When it’s time to withdraw funds, individuals might realize it isn’t possible to get their money back. These can operate like pyramid schemes or unregulated investment managers.
Here are some tactics you can use to help avoid this type of scam:
- Practice due diligence. Is the organization regulated? Does it have a track record or reviews?
- Never send money or crypto assets unless you've done your due diligence.
- Look for grammatical errors in the website URL or elsewhere on the page.
- Stay clear of offers that sound too good to be true.
Scammers may threaten to release personal information in return for money or crypto payment, or a wallet’s private key. For example, they may use an old password obtained from an external security breach.
This is criminal extortion, and you should do the following:
- Report this to law enforcement agencies.
- Report the email/SMS to the service provider.
- Run a malware scan and change your passwords.
Crypto giveaway scams
Scammers can impersonate celebrities on social media or hack their accounts to organize fake giveaways. Sometimes, they will offer to match and multiply an amount of crypto assets sent to them as an opportunity to make a fast return. They may also use other fake accounts to support the legitimacy of the giveaway.
Here are some best practices to keep in mind:
- Never send crypto assets for wallet address verification.
- Ignore unsolicited reach outs asking for cryptocurrency payments.
- Be skeptical and avoid offers that sound too good to be true.
Crypto withdrawal scams
Before making your first crypto wallet withdrawal, you should ensure that the receiving deposit address is secure.
When you withdraw crypto to an external source (like a wallet), you will need your external wallet’s deposit address. Always copy & paste or scan the provided address as transfers are irreversible.
Crypto scam warning signs
According to the FTC, one sure sign of a scam is anyone who says you have to pay by cryptocurrency. This also includes payment by wire transfer, gift card, or cryptocurrency. Scammers prefer these methods because they are irreversible.
Look for claims like these to help you spot the companies and people to avoid:
- Scammers guarantee that you’ll make money. If they promise you’ll make a profit, that’s a scam. Even if there’s a celebrity endorsement or testimonials (those are easily faked.)
- Scammers promise big payouts with guaranteed returns. Nobody can guarantee a set return, say, double your money, much less in a short time.
- Scammers promise free money. They’ll promise it in cash or cryptocurrency, but free money promises are always fake.
- Scammers make big claims without details or explanations. Smart business people want to understand how their investment works and where their money goes. Good investment advisors want to share that information.
Preventative measures for crypto scams
Here are some preventive measures for avoiding crypto scams according to AARP and FTC:
- Enable app-based 2FA on wallets and exchanges that you use.
- Before you invest, do your due diligence. Research online for the name of the company and the cryptocurrency name, plus words like “review,” “scam,” or “complaint.”
- Don't put money in a virtual currency or cryptocurrency if you don't understand how it works.
- Don't speculate about cryptocurrencies with money you can't afford to lose.
- Don't invest in cryptocurrencies based on advice from someone you've only dealt with online.
- Don't believe social media posts promoting cryptocurrency giveaways.
- Don't share your private keys or seed phrase with anyone; keep them in a secure place.
- If it’s too good to be true, it probably is.
As mentioned on the RCMP’s website, if you have been a victim of fraud or cybercrime, please contact your local police. If you want to report an instance of a scam, fraud or cybercrime, whether you are a victim or not, please report it to the Canadian Anti-Fraud Centre.
If you believe your Wealthsimple account may be a target in a scam, please contact our risk prevention support team. You can reach this team over the phone at 1-855-255-9038 or by email through this form.