How to recognize and combat cyber fraud
In today's digital age cyber crime is an increasing reality; learning to recognize and prevent these scams early will help protect your privacy.
March is Fraud Prevention month, and it’s worth remembering that no locale, industry or organization is bulletproof when it comes to cyber fraud. Estimates of losses vary widely; the Better Business Bureau reports Canadians lost more than $90 million to scammers in 2016. While the Canadian Anti-Fraud Centre estimates that only five percent of fraud is ever reported, suggesting that the real impact is far greater.
Cyber security is a growing concern for many, including BlueShore Financial clients. Nearly 60% of clients responding to a recent online panel survey indicated they are worried about cyber security, but only 30% consider themselves to be savvy about the steps to take to safeguard their personal or financial information. We’ve rounded up some key tips and information to help you keep your privacy and finances more secure.
Ask yourself: does this seem phishy?
Phishing is when Internet scammers use email lures to “fish” for passwords and financial data from the sea of online users. Phishing attacks use “spoofed” (look-alike) email messages and fraudulent websites designed to trick recipients into divulging personal, business and sensitive information such as credit card numbers, account usernames and passwords or social insurance numbers. Phishing messages often appear to come from large and well-known companies or websites with a broad customer or subscriber base such as well-known financial institutions, online retailers and credit card companies.
They can present an array of scenarios – from “there’s a problem with your account” to “your loan/credit card payment is overdue”. By masquerading as trusted brands, phishers attempt to convince recipients to respond to the email and provide sensitive information. Desired responses can be simply replying to the email, clicking on a fraudulent link, or opening an infected attachment. You may also be asked to call a (fake) customer support number where you are asked to log in with your credentials (date of birth, account number, password, etc.).
No organization is immune to being “spoofed”. One of the most noteworthy scams of 2016 involved threatening emails and voice mails purporting to be from the Canada Revenue Agency regarding overdue taxes or unfiled tax returns. Payment was demanded through e-transfers, credit cards, and at least in one instance, iTunes gift cards. Authorities cracked down on an overseas call centre to shut this particular scam down, but it demonstrates just how sophisticated and convincing these scams can be.
Here are some ways to spot a phishing email:
- Spelling errors or other anomalies in the sender’s email address and the URL (web site address)
- Requests for personal or sensitive information (username, passwords, social insurance numbers, banking information, etc.)
- Pressure for urgent action or response; the fraudsters are appealing to the human inclination to click embedded links or open questionable attachments
- Scare tactics and threats; ironically, a frequent ploy is to claim “your security has been compromised”.
The best advice overall: don’t click, don't reply, don't open attachments from any suspicious email. And never provide information on automated voice response systems. BlueShore Financial will never ask you for this type of information via email and if you have any questions about authenticity of a request or email, simply call us at our Solution Centre to speak directly with one of our representatives.
Fraudsters get social
Online customer service through social media channels like Facebook and Twitter are vulnerable to fraud. “Angler phishing” is when requests for support or information to a legitimate company are monitored by scammers and then “answered” by the scammer asking for personal information or luring the victim to fraudulent websites. You can check that their “handle” matches other responses, but remember, a legitimate company will never ask you for personal details on a public network. If you’re unsure, call the company directly using a phone number you know is accurate.
“Spearphishing” is a type of phishing in which a call or email impersonates a known or trusted individual, and it’s an increasing threat to businesses. Accessing information about companies and their staff online and through social media accounts, fraudsters will do their homework to find out when key business personnel are travelling or on vacation. Then they strike.
The attack can take the form of an email to an employee claiming to be an executive or manager who needs to have money wired to them immediately. Another variant sees fraudsters masquerading as HR or technical support staff requesting login IDs and passwords. Once hackers get this data they gain entry into secured business networks where opportunities abound to capture more sensitive information. The easiest way to see if the request is valid is to phone the sender directly and get confirmation.
Convenience of public WiFi requires caution
Public WiFi access is convenient, but not secure. It’s great to check the latest news, do searches, read reviews and consult maps, for example, but never for transactions that require your personal information. You may think you’re signing into a coffee shop’s free WiFi, but it’s possible for someone to set up a hotspot that looks like free WiFi, monitor the activity, and read your private information. Limit the types of activities you do on free public WiFi and avoid accessing sensitive email or online/mobile banking transactions. Instead, use your phone’s data plan, which is secure.
Smart use of your smartphone
We live in a wireless world where technology helps bring many things, including banking, into the palm of your hand. But with this flexibility comes the need for attention to safety and a clear understanding of where your private information may be vulnerable.
Bluetooth technology provides a way to exchange information between wireless devices such as mobile phones, laptops, computers, printers, and digital cameras across a low-cost, globally available, short-range radio frequency band. It provides nearly ubiquitous connectivity, but it also can open the door to data theft.
When Bluetooth is enabled, it creates an open network to your mobile device. For sensitive information like mobile banking, we recommend you disable Bluetooth until your transactions are complete.
And use built-in smartphone security features to their best advantage. Password protect your device. Use biometric authentication. Ensure you have the auto lock set to the shortest time possible. That way if you lose your phone (or it's stolen), you'll be protected.
Adopt healthy cyber security habits
Here are a few suggestions for ways to keep your cybersecurity strong and your finances secure.
- Choose passwords that are complex and unique. Do not use your date of birth, address, phone number, or other numbers that are easy to guess based on personal information.
- Protect your device and account passwords by changing them often. Use biometric verification on your device where available and never disclose your banking passwords to anyone.
- Avoid accessing your accounts using free WiFi access or public Internet ports (Internet cafes, libraries, airports etc.).
- Don't respond to unsolicited web sites or emails that request personal information or that ask you to download documents or files.
- Be wary of pop-up windows. Don't click on any action buttons, links or take any action until you verify that the site is legitimate. Beware of pop-up warnings that claim that your computer is infected with a virus instructing you to buy or download a fix.
- Never send confidential information (account numbers of any type, password, etc.) via email.
- Don't allow websites to "remember" your password. This type of software could give anyone using your computer or mobile device access to your information.
- Limit the personal information you give out. Anything you share on social networking sites or chat rooms can be used by fraudsters for their own benefit. Be cautious in what you share.
- Keep your devices healthy with supported browsers and updated security (anti-virus) software.
- Secure your personal wireless network, and keep it password protected, whether it’s your home WiFi or your device’s personal hotspot.
- Review your banking account statements and online account transaction details promptly; report any discrepancies immediately to us at 604.982.8000 or toll-free 1.888.713.6728. Your account history should be reviewed every time you access Online Banking or access your accounts through our mobile banking app, and always no less than once a month.
- Set up financial security alerts as a convenient way to be notified by text or email of activity on your account.
- Practice email safety. Email can be used to spread viruses and other malicious software. If you ever receive an email that appears to be from us asking for account numbers, passwords or personal information, please let us know. We will never email you asking for this type of information.
Reporting fraud is critical
People don’t report cyber fraud for several reasons. They may not consider what happened to them to be a “real” crime. Or they may be embarrassed that they were victims and “clicked” on a suspect link, simply wishing to forget all the effort it took to be rid of a persistent computer virus. Businesses may not report cyber fraud for fear it will negatively impact their company’s reputation. However, reporting suspected or actual cyber fraud is important, so the authorities and trusted organizations can better protect consumers and businesses.
If you think you’ve been targeted by an email scam or other fraudulent activity, report it to the Canadian Anti-Fraud Centre, through its website at www.antifraudcentre.ca, or by telephone at 1-888-495-8501.
If you think your BlueShore Financial banking has been compromised, contact us at 604.982.8000 (1.888.713.6728).
Use Fraud Prevention Month as an opportunity to update your cybersecurity awareness and your online habits. There is an extensive resource library of information on safeguarding your privacy and security on our website.