What Is the CAFC Impersonation Scam and Why Is It Dangerous?
Imagine receiving a call or email from a trusted authority, one dedicated to fighting fraud, only to discover that the person contacting you is the fraudster. That's the core of the Canadian Anti-Fraud Centre (CAFC) Impersonation Scam. Fraudsters pretend to be legitimate representatives of the CAFC, a real Canadian organization that collects information on fraud and identity theft. According to CAFC Canada, these deceptive individuals contact people claiming to be investigating fraud or offering to help recover money from a previous scam. This tactic is a classic example of impersonation fraud and social engineering, where scammers exploit trust in authority.
The danger of this scam is multi-layered. Victims, often already vulnerable from previous financial losses or simply trusting official-looking communications, are tricked into divulging highly sensitive personal and financial information. We've analysed hundreds of such messages and heard countless stories from individuals who, hoping for justice or recovery, unwittingly handed over details like bank account numbers, credit card information, or even online banking passwords. This information then becomes a gateway for identity theft, further financial fraud, and significant emotional distress, making it one of the most insidious forms of digital deception.
How Does This Scam Work? (Step by Step)
Scammers employ a carefully orchestrated series of steps designed to exploit your trust and sense of urgency. Here's how this impersonation scam typically unfolds:
- Initial Contact & Spoofing: The scam begins with an unsolicited communication, most commonly a phone call, email, or even a text message. Fraudsters often use sophisticated techniques to spoof caller IDs or email addresses, making it appear as though the message is genuinely from CAFC Canada or another legitimate government agency. This initial illusion of authenticity is crucial for building false trust.
- Building Credibility & Psychological Manipulation: The scammer, posing as a CAFC agent, will present a compelling narrative. They might claim to be investigating a fraud case you're involved in, state that your accounts are compromised, or, particularly cruelly, promise to help you recover money you lost in a previous scam. Victims who reported this scam often described feeling a mix of hope and urgency, driven by the prospect of reclaiming their losses or securing their finances. This preys on emotional vulnerabilities and past experiences.
- Requesting Sensitive Information (Credential Harvesting): Once they've established a false sense of authority and urgency, the scammer will then request personal and financial information. This can include your full name, date of birth, address, Social Insurance Number (SIN), bank account details, credit card numbers, or even online banking login credentials. They justify these requests by claiming they are "necessary for verification," "to process your refund," or "to secure your account." This process is known as credential harvesting.
- Pressure Tactics & Threats: To prevent you from questioning their legitimacy, scammers often employ pressure tactics. They might insist on immediate action, warning of severe consequences (like legal action or losing your chance for recovery) if you don't comply quickly. They aim to overwhelm you and prevent independent verification.
- Execution of Fraud: Once you provide the requested information, the scammers disappear. They use your details for identity theft, unauthorized transactions, opening new accounts in your name, or selling your data on the dark web. In some cases, they might even trick you into making direct payments under the guise of "fees" for fund recovery.
What Are the Warning Signs?
Recognizing the red flags is your first line of defense. Be vigilant for these specific indicators when someone contacts you claiming to be from the CAFC:
- Unsolicited requests for money: According to CAFC Canada, the CAFC does not contact individuals to request money under any circumstances.
- Demands for sensitive personal data: Legitimate CAFC representatives will never ask for your banking passwords, full credit card numbers, or Social Insurance Number (SIN) over an unsolicited call, email, or text.
- Promises of 'fund recovery' that require an upfront payment: This is a common tactic in recovery scams. If you lost money previously, any offer to recover it for a fee is highly suspicious.
- Threats or aggressive language: Scammers often use intimidation, threatening legal action, arrest, or other penalties if you don't comply immediately.
- Creation of extreme urgency: They insist you act right now, without giving you time to think or verify their claims.
- Poor grammar, spelling, or unprofessional communication: While some scams are highly sophisticated, many still contain tell-tale signs of a non-official source in their written communications.
- Requests to pay via unusual methods: Be wary if they ask for payment through gift cards, cryptocurrency, or wire transfers, which are difficult to trace.
Scam vs Legitimate: How to Tell the Difference
Distinguishing a fraudulent communication from a genuine one is critical. Here's a quick comparison:
| Scam Behaviour | Legitimate CAFC Behaviour |
|---|---|
| Initiates unsolicited contact to demand money, fees, or sensitive financial info. | Never contacts individuals to request money or sensitive banking passwords. |
| Asks for your full Social Insurance Number (SIN), banking passwords, or credit card PIN over the phone/email. | Will never ask for highly sensitive details like your SIN or banking passwords in an unsolicited interaction. |
| Pressures you to act immediately, threatening consequences if you don't comply. | Provides clear information, encourages verification, and respects your right to inquire further. |
| Promises to help you recover lost funds, but only if you pay an 'administrative fee' upfront. | Does not charge fees for their fraud prevention and information services. Their role is to collect data and provide guidance. |
| Uses aggressive tactics, insults, or vague threats if you express doubt or ask questions. | Maintains professionalism, offers official contact details for verification, and respects your skepticism. |
Who Is Being Targeted and Why?
While anyone can fall victim to the CAFC impersonation scam, certain groups are particularly vulnerable. Scammers often target individuals who have previously been victims of fraud. These individuals, often desperate to recover their losses, are prime targets for "recovery scams" where the fraudster promises to get their money back for a fee. The elderly are also frequently targeted, sometimes perceived as more trusting or less familiar with complex digital threats and government procedures.
The motivation behind this targeting is simple yet powerful: exploitation of human psychology. Scammers leverage the authoritative image of the CAFC and the inherent trust people place in government agencies. They exploit fear (e.g., of being under investigation, of losing money) and hope (e.g., of recovering lost funds). By pretending to be from an organization designed to help victims of fraud, they create a facade of trustworthiness, making it incredibly difficult for individuals to discern the deception. This deeply manipulative form of social engineering is highly effective because it bypasses rational thought by triggering emotional responses.
What Should You Do If You Receive This?
If you receive a suspicious communication claiming to be from the Canadian Anti-Fraud Centre:
- Do NOT respond: Do not answer the call, reply to the email, or click on any links in the message. Engaging with the scammer, even to say no, confirms your contact details are active.
- Do NOT provide any information: Under no circumstances should you give out personal, financial, or banking details to an unsolicited caller or sender.
- Block the sender/caller: Add the number or email address to your block list to prevent future contact.
- Verify independently: If you're concerned about a legitimate CAFC investigation, hang up and contact CAFC Canada directly using their official contact information found on their verified government website (Canada.ca), not any contact details provided by the suspicious caller or email.
- Report the incident: It's crucial to report the scam attempt, and any loss if you have been affected, to your local cybercrime authority. In Canada, for instance, you can report it to the CAFC directly.
How Can You Stay Safe?
Proactive measures are your best defense against sophisticated impersonation scams:
- Maintain Healthy Skepticism: Always be wary of unsolicited communications, especially those demanding personal information, payment, or immediate action. No legitimate government agency will demand sensitive data this way.
- Verify Identity Independently: If someone claims to be from a government agency or financial institution, always verify their identity by contacting the organization directly using a phone number or email from their official website, not from the communication you received. Never trust caller ID alone, as it can be spoofed.
- Protect Personal Information: Never share sensitive details like your Social Insurance Number (SIN), banking passwords, credit card PINs, or security questions with anyone you haven't absolutely verified. Understand that legitimate entities will never ask for these details via phone or email.
- Educate Yourself and Others: Stay informed about current scam tactics. ScamCheck.tech helps you understand and identify various scams, empowering you with the knowledge to protect yourself and your loved ones.
- Secure Your Accounts: Use strong, unique passwords for all your online accounts, and enable two-factor authentication (2FA) wherever possible. This adds an extra layer of security, making credential harvesting less effective.
- Monitor Financial Activity: Regularly review your bank statements and credit card transactions for any suspicious or unauthorized activity. Keep an eye on your credit report for new accounts opened in your name.
- Remember the CAFC Rule: Legitimate agencies like CAFC Canada will never ask for money or sensitive credentials over the phone or email to assist with an investigation or fund recovery. This is a fundamental principle to remember.
Verified by ScamCheck Research Team. Source: CAFC Canada.