Online banking scams and financial schemes are hard to spot, and the financial losses they create are even harder to recover from.
In the first six months of 2023, Canadians lost more than $283 million to fraud, according to the Canadian Anti-Fraud Centre. In 2022, Canadians reported losing $531 million to fraud in 2022 — a 40% increase from 2021’s $379 million in reported losses.
As more Canadians shop, do business and communicate online, cybercriminals are seizing the opportunity to do harm. Armed with artificial intelligence (AI) tools, scammers are getting more sophisticated, faster and more difficult to trace, experts say.
Here’s a look at some common financial scams and risky behaviors, and how to avoid becoming a victim.
Phishing scams use emails or fake websites pretending to be from a reputable institution. The goal of a phishing scam is to get you to click on a link or attachment, and enter in personal and/or financial information so the scammer can access your accounts and steal your money
Phishing messages used to be rife with grammatical and spelling errors, but AI has changed the game, says Preet Banerjee, a London-based wealth management consultant and finance expert who works with clients in Canada and the United States.
Banerjee points out that tools like ChatGPT help criminals produce formal, grammatically sound content in seconds, making it harder to detect the scam.
How to protect yourself: Avoid clicking on any links or attachments received via email or text, especially in messages demanding urgent action. Take the extra step of calling your financial institution using the number on the back of your card or from a recent bank statement and ask if the communication is legitimate, Banerjee says. “An ounce of prevention is worth a pound of cure,” he adds.
Spoofing is when a scammer contacts you via a fake email address, phone number, text message or website that looks legit at first glance.
By changing a single letter, number or symbol within the communication, criminals masquerade as legitimate financial institutions in a way that’s easy to miss. The spoofed communication is usually used to phish for your personal or financial account information and/or to steal your identity.
How to protect yourself: Look closely at email addresses and link URLs to ensure there are no misspellings or typos in the domain names. Double check phone numbers against those that are listed publicly on a bank or card issuer’s website before calling. Know that most institutions won’t email, call or text you asking for personal information or account details out of the blue.
3. Password cracking/hacking
With generative-AI tools, cybercriminals can quickly test hundreds or even thousands of passwords on financial websites and social media networks to hack into your accounts, Banerjee says. If your password is easy to guess or you don’t have two-step verification enabled, it’s only a matter of time before a hacker breaks into your account, Banerjee says.
How to protect yourself: Create a hard-to-guess password, ideally 16 to 25 characters long, with a combination of upper and lowercase letters, numbers and symbols, says Terry Cutler, CEO and founder of Montreal-based Cyology Labs, a cybersecurity consulting firm. Longer, more complex passwords take longer for hackers to crack, he adds. It’s also best to avoid using the same password across multiple accounts, Cutler says.
The Canadian Anti-Fraud Centre also recommends choosing strong and unique passwords for all online accounts, including social media networks, email accounts, financial websites and other online accounts. Additionally, the Centre advises consumers to set up multi-factor authentication on all accounts where possible.
4. Unsecured Wi-Fi
Accessing your bank account or paying a credit card bill while connected to a public Wi-Fi network may be convenient, but it’s also extremely risky. Public Wi-Fi is often less secure, making it easier for criminals to spy on your activity and copy account information, such as bank account and routing numbers, security PINs, and passwords.
Your home internet connection can be also vulnerable if not properly password-protected. Scammers can connect to the devices on your home network to access sensitive data, such as passports, tax returns, photos and financial documents, then lock you out of the devices, Cutler says.
How to protect yourself: Don’t use a public Wi-Fi network to log into any financial institution, and make sure to regularly update all of your devices’ operating systems and third-party apps, suggests the Royal Bank of Canada.
When accessing sensitive accounts or work systems, use a Virtual Private Network (VPN), if you can. A VPN is a program or app that funnels your internet activity through a secure, third-party service provider that’s not part of the public Wi-Fi connection. This encrypts your web browsing and email communications, keeping them private and away from the potential prying eyes of a criminal.
Additionally, make sure your home wireless network is protected by a strong password and isn’t accessible by neighbors or the public. Backup all of your important information to an external hard drive and store it in a safe place (but don’t keep it connected to your on-network devices), Cutler advises.
What to do if you’ve been scammed
Cybercriminals are honing their craft, using more sophisticated tools and finding sneakier ways to exploit consumers for financial gain.
“If you have an email address and you’re connected to the internet, you are going to be attacked. If you’re vulnerable, you will be exploited; it’s as simple as that,” Cutler says.
If you suspect you’ve fallen victim to an online banking scam or other financial fraud, the Financial Consumer Agency of Canada advises taking the following steps:
- Change all account passwords immediately to a hard-to-guess password.
- Contact your financial institution immediately to report the fraud or scam. Depending on your user agreement, you may need to report the incident within a specific time frame. Otherwise, you may be held responsible for the transaction and won’t be able to get a full refund of stolen funds.
- Check all of your financial accounts for any suspicious or unauthorized transactions, and report those to your bank or creditor.
- Request a copy of your credit report to check for unfamiliar accounts or credit inquiries. If so, notify the creditor/company and the credit reporting agency immediately of the fraud.
- Report the fraud or scam through the Canadian Anti-Fraud Centre’s Online Reporting System tool or call 888-495-8501 to file a complaint by phone.
DIVE EVEN DEEPER
Canada has a reputation for welcoming newcomers, but new arrivals still need to be on the lookout for scams that target them, including phone scams, e-transfer scams and apartment rental scams.