Statement on fraudulent phone calls and emails

Reports of scam calls and phishing emails from bad actors impersonating Deloitte professionals

People occasionally reach out to us because they’ve received an email or phone call from someone impersonating a Deloitte professional. 

These fraudulent calls are usually from bad actors, requesting business and/or banking information for criminal purposes. Email messages, also known as ‘phishing emails’ often contain file attachments that hide malicious software, or require you to click on a link and provide private/personal information, and in some cases innocent people are negatively affected.

If you think the communication you are receiving from Deloitte is suspicious, unusual, or not coming from a Deloitte professional, please reach out to your contact at Deloitte just to make sure and/or report this suspicious activity. When we are made aware of a specific incident, Deloitte’s local and global security, privacy, and legal teams work to address the issue as quickly as possible.

Should you receive a suspicious email, here are a few steps to take to assess if it is a phishing attempt:

  1. Is the message directly from a real Deloitte email address?
    Deloitte Canada employees and our affiliates currently use email addresses that end with:

    If you do business with a Deloitte firm outside Canada, please consult with them about their official email domains.
  2. Is it from someone you know?
    It’s unusual that someone from Deloitte would contact you unless you have a relationship with that individual or the firm. If you receive unsolicited phone calls or email messages from someone who says they are from Deloitte, be skeptical. Look them up, or call your local Deloitte office to confirm their contact details.
  3. Is it something you were expecting?
    We don’t believe business should be a surprise, and our people would rarely send important information without a reasonable explanation. Be cautious of messages and attachments that you don’t recognize, don’t understand, or did not ask for.
  4. Keep your IT systems up to date
    Anti-virus and anti-malware applications are the last line of defence, and should always be updated to the most recent version for the best protection.

Is someone trying to phish you?
If you received a fraudulent email and you suspect the sender is impersonating someone at Deloitte, you can contact us at

In the unfortunate event that you have opened an attachment in a fraudulent email, or otherwise suspect you’ve been the victim of a cyber attack, please contact your organization’s IT department to address the problem quickly. If the cyber attack has affected your personal computer or device, consult a trusted IT professional as soon as possible.

Did you find this useful?