Listen to the full story here:
At $500 a month, the bargain rent for the room looked so good Hafsah Farooqui wanted to believe it was for real.
Farooqui, a second-year Toronto Metropolitan University (TMU) student, saw the accommodation listed last month on Roomies, an online site where you can seek roommates or find room listings. But when she reached out for more information, she was told she had to pay a deposit before a physical or virtual viewing.
“That’s what got my senses a bit tingling because why would they require a deposit this early?” said Farooqui, who also remembered reading on the Roomies website that potential renters should visit the property and check the contract before making a financial deposit.
Farooqui abandoned the idea and three days later noticed that the Roomies member had been banned from the site as a “fraudulent listing.”
“I’m still new to the scene myself, but then I knew when they were already asking for their deposit before visiting it, it just seemed obvious that they’re a scammer,” she said.
While Farooqui escaped with her $500 intact, other young people haven’t been so lucky. Gen Z is three times more easily fooled by online scams and twice as likely to have their social media accounts hacked compared to older generations, according to a survey Deloitte released last year.
“I would say with a generation that’s more used to being online all the time…that they’re more likely to get and read email and mobile text messages and just be more available for an attack,” said Brian Lesser, the chief information officer at TMU.
Young people who have grown up with social media are also more likely to trust the information in front of them, he said.
David Coffey, a detective with the financial crimes unit at Toronto Police Service, said job and rental scams are among the most common perils for university students. He said international students who need to rent an apartment before they arrive in Toronto are particularly vulnerable to fraudsters.
“When they show up, they realize that the person who just rented the apartment doesn’t own the apartment, so now they’re out that money.”
Scamming students isn’t new. Back in 2018 when Simran was in her third-year at TMU, she lost more than a thousand dollars in a gift card scam. She requested her name not be revealed to protect her privacy because the experience was “genuinely scary and dangerous,” she wrote in an email.
She said she was on Google researching an assignment when she clicked on a link that quickly turned into a virus. In a panic, she googled for help and called the first Apple support number that popped up on her screen. She recalled the support worker who picked up the phone was from a different country working for Apple.
First, they mirrored her computer screen and then proceeded to ask her to go and buy Samsung gift cards and share the card codes. Simran said she was so stressed she wasn’t thinking clearly and didn’t realize how outlandish this sounded.
“I was incredibly naive. There was so much I didn’t know about the world, despite even pursuing a journalism degree at the time.”
She shared the gift card codes but the next day when she woke up she said felt something was wrong. She re-dialed the number, only to be hung up on.
That’s when she realized she’d been scammed.
“The experience was very traumatic, I learned a lot and I have since been extremely alert about any emails or phone calls I get,” she said.
Online scams like the ones that caught Simran, where attackers impersonate organizations, are known as a “social engineering attack,” said Charles Finlay, executive director of Rogers Cybersecure Catalyst at TMU, the school’s national centre offering service and programs on cybersecurity.
“I hate to say that young people shouldn’t believe what they see, believe what they hear, believe what they read,” said Finlay. “But unfortunately, that’s the world we live in.”
Finlay said artificial intelligence (AI) is making matters worse because, for instance, it can be used to generate fake voicemails. “We’re going to have challenges with actual voicemails which will be fraudulent and will sound exactly like your boss and those will become very dangerous.”
Coffey said AI is also making email fraud more difficult to detect. “Even as short time ago as five years, most fraudulent emails that came in that we would see, most of us could recognize that this isn’t real…now, they’re out there almost essentially perfect” (with no grammar or other errors,) he said.
Finlay, Lesser and Coffey all provided tips on how to protect yourself from attackers. Their suggestions included:
- Practicing cybersecurity hygiene: Use a password manager to create complex passwords, and update them frequently.
- Setting up two-factor authentication, an “absolutely terrific safety mechanism,” said Finlay.
- Resisting the temptation to click on links. Instead, place your mouse over the link to see where it leads. If it looks malicious, don’t click.
- Going to the site that is ostensibly messaging you about a problem. Instead of clicking on that Amazon email link, for instance, go to the Amazon site to see if it is posted there.
- Being vigilant: “If you don’t instantly recognize who it’s from, delete it,” said Coffey.
Farooqui said she feels burnt out from searching for housing in Toronto and plans to stay in her current home in Scarborough. When summer comes her new plan is to move out with some family members while she is at her co-op placement, she said.
“I’m happy I didn’t get scammed, but I’m just wondering within that time frame (before the room posting was deleted) did somebody else get scammed?”
Talia is completing her final year in journalism at Toronto Metropolitan University. Talia loves interviewing small business to make their voices feel heard and empathizing with their stories. In her spare time she enjoys watching shows, listening to music, or playing video games. She aspires to be a better cook day by day and potentially work as a YouTuber.
