With cyber-fraud incidents rising in Canada and criminals waging sophisticated attacks via phone, text and e-mail, banks are stepping up their defences and helping customers recognize the warning signs that someone is trying to scam them.
“We see a wide variety of fraud attempts on customers’ phones, through text messages and e-mails,” says Eric Lindsay, Director of Business Intelligence & Reporting at Scotiabank’s Enterprise Fraud Management division. “Criminals go to great lengths to try to get personal information to impersonate people, access their bank accounts, make unauthorized money transfers or apply for credit products in their names.”
Lindsay says the bank’s cyber security teams employ sophisticated technologies to identify, protect, detect and respond to fraud attempts, as well as help the public to better protect themselves. Scotiabank also maintains a fraud hotline so customers can report if they have been a victim of fraud. Canadian banks also collaborate with each other and law enforcement to share best practices to prevent and detect crime.
Public vigilance was also the main theme during October’s Cyber Security Awareness Month, an international campaign to highlight the importance of cyber security and simple steps people can take to be more secure online.
Public awareness is critical as fraud incidents escalate, authorities say. The Canadian Anti-Fraud Centre (CAFC), a federal government agency that collects intelligence on fraud, says there were more than 32,160 reports of “direct calls to gain personal information” in Canada in 2018. These crimes took many forms, from extortion and fraudulent service offers, to fake bank investigator calls, to scams such as ‘phishing’ or ‘vishing.’ The CAFC notes that these crimes represented more than $24 million in reported losses in 2018, up 47% from 2016.
Experts admit it’s not easy to keep up with the evolving scams as fraudsters take advantage of consumers’ use of electronic devices. Among the tactics deployed by tech-savvy criminals, the CAFC defines phishing scams as those associated with misleading and deceptive e-mails, falsely claiming to be from a legitimate organization such as a bank, business or government agency, in an attempt to have the consumer surrender private and personal information.
Vishing or voice phishing, is a variation on this crime, when a fraudster makes a seemingly urgent call, or leaves a voice message, often with a spoofed (fake) caller ID, to persuade the victim to provide personal information. They may be directed to call another telephone number and punch in their personal information on their keypad.
“These criminals use sophisticated methods to access very specific information in support of their exploits,” says Keith McDonald, Director of Fraud Claims & Support Services with Scotiabank’s Canadian Fraud Management office. “They may ask for your bank card or Personal Identification Number, or they may try to get any personally identifiable data they can use to get around typical security questions that protect consumers.” McDonald adds that criminals sometimes want their victim to click on a link so they can install malware on their smart phone or computer. “They can then track your data and pick off your credentials when you do online banking or make a transaction.”
Lindsay says public awareness is one of the best ways to help customers protect themselves and encourage them to report incidents when they occur: “Unfortunately, there is a certain embarrassment factor that customers have and many don’t want to admit they have been tricked to give away personal information.”
“If you think you accidentally did something and are concerned, you should reach out to us before anything happens,” he says. “Don’t wait until a loss occurs. It’s often as easy as answering a few questions about the information you provided, perhaps replacing your debit card, and taking steps to mitigate the risk to your phone or computer.”
McDonald says his team has first-hand experience assisting customers in various emotional states, since they pro-actively contact clients when they identify possible fraudulent transactions and they respond to calls from worried customers: “We empathize with our customers and take steps to rectify the situation quickly and efficiently.”
Since prevention is the best defence, the financial services industry, law enforcement agencies and government authorities like the CAFC offer extensive advice to help the public avoid becoming a victim.
“If it seems too good to be true, or looks suspicious, it probably is,” says Scotiabank’s Lindsay. “There’s nothing wrong with challenging a suspicious caller and asking questions to make you comfortable with the situation. If you get a call or message that claims to be your bank but you’re not sure, call your bank back on another number you trust and ask them about the issue.”
In addition to fraud prevention tips on Scotiabank’s website, the Canadian Bankers Association (CBA) offers helpful advice to avoid various scams. For example, they warn that, if your bank wanted to contact you about suspected fraudulent activity on your debit or credit card or other account, they would never contact you by e-mail. Your bank may call you by telephone and ask for identity verification questions, but they would not ask you verbally for your Personal Identification Number (PIN), banking password or your Social Insurance Number.
“It’s important for the public to explore the resources available to help protect themselves,” McDonald says. “And, our customers can be assured that we are ready to have a conversation with them about their transactions and help them take the necessary steps to resolve the issue.”
Top tips to avoid fraud:
- Do NOT respond to unsolicited e-mails, web sites or text messages that request personal information.
- Do NOT trust unusual or high-pressure telephone calls, especially if they want you to reveal personal information.
- Do NOT share your banking passwords with anyone. Your bank will never call you or send you unsolicited emails asking for your password, PIN, credit card, account numbers etc.
- Do NOT open attachments or click on hyperlinks in emails or text messages sent by unknown senders.
- Do NOT call any numbers that appear on an e-mail you think is fraudulent.
- DO report any suspicious requests to your bank right away.
- DO use passwords that are hard to guess. Memorize them, or keep them in a safe location if you have to keep them written down.
- DO protect your computer, by downloading security software and anti-virus software, protect your internet connection and using supported browsers. See Scotiabank’s Safe Computing Practices, to learn more.