As real-life interactions move online, digital fraud attempts are steadily on the rise and getting more sophisticated. Canadians are increasingly transacting online and exchanging sensitive information as part of their daily lives — and scammers are taking advantage.
Whether through emails, social posts, gaming apps or online marketplaces, or simply when chatting with friends and family on multiple platforms — we are all more susceptible to unknowingly sharing financial and identity information with a fraudster.
An Interac cyber security survey found eight in ten Canadians (86 per cent) are tired of relentless fraud attempts —which occur at least once a week for more than half of Canadians (53 per cent). The problem affects people of all ages, walks of life, and regions of the country, and is compounded by the increasing sophistication of fraud attempts. Nearly four in 10 Canadians (38 per cent) have encountered a scam where a fraudster used personal information to appear as a trusted source.
But while stress and fatigue make Canadian consumers more vulnerable to fraud, they are also becoming more empowered — acting as the first line of defence against hackers.
To help you (and your loved ones) stay safe online, we’ve compiled the most common digital scams to watch out for, along with critical tips to prevent them.
In this article you’ll learn:
- The Difference between Digital Fraud Prevention and Cyber Security
- How to Recognize and Protect Yourself from Digital Scams and Identity Theft
- How to Spot Email Fraud and Scams
- How to Send Money Safely and Prevent Online Payment Scams
- How to Be Proactive with Healthy Digital Hygiene and Checkups
- How to Avoid Phishing Attempts When Working Remotely
- How Business Leaders Can Take a People-Centred Approach to Cyber Security
- What Interac is Doing to Prevent Digital Fraud
The Difference between Digital Fraud Prevention and Cyber Security
Some consider digital fraud prevention and cyber security two sides of the same coin. Digital fraud prevention includes key strategies and best practices for identifying and avoiding online scams. Cyber security refers to the technologies and processes designed to protect networks, devices, programs, and data from unauthorized access and cyber-attacks. Together, digital fraud prevention and cyber security can help detect and stop scammers (and malware) from using your identity credentials to make a fraudulent transaction.
How to Recognize and Protect Yourself from Digital Scams and Identity Theft
Consumers are the first line of defence against fraud and digital scams. Empowering Canadians with the tools and education they need to protect themselves is the critical first step in helping to spot, avoid, and report fraud.
We advise adopting a “Stop, Scrutinize, Speak Up” approach to identify and avoid fraud attempts:
STOP: Canadians are inundated with emails, texts, chats, and phone calls, and constantly targeted across channels. When a message or request feels unusual, take a moment to stop, breathe, think, and follow your instincts. Do not feel pressured to respond to a request for personal information you were not expecting. Instead of quickly responding, make it a habit to stop and think first. If you have any doubt about a request asking for personal information or a notification of a money transfer or refund you were not expecting, do not feel pressured to respond quickly.
SCRUTINIZE: Assess the situation and look for the telltale signs of a scam. Use resources like the Canadian Anti-Fraud Centre to stay up to date on the latest scams and how to spot them. Take your time and think before responding to any kind of unexpected message.
SPEAK UP: Confirm the validity of the communication and report any concerns. If you suspect fraud, contact the sender of the communication through a completely different channel to verify its validity. If you have already provided sensitive information, contact your financial service provider immediately and report it to the Canadian Anti-Fraud Centre.
How to Spot Email Fraud and Scams
Email is a hotbed for digital fraud and money scams, with phishing attempts as the most common tactic. According to digital security firm RSA, a staggering 66 per cent of all phishing attacks are directed at Canada.
Hackers will often impersonate businesses, friends, and government officials to get you to share personal and financial information. Some typical ways scammers try to compromise email:
- Fake money transfers to trick you into handing over answers to security questions.
- Fraudulent online subscription emails to get you to click on phony links and update payment information.
- Tax scams to bait you into providing your social insurance number.
Be wary of emails from senders you do not recognize. Do not respond or click on any links unless you are certain the email is actually from a sender you trust. If you receive a deposit or money request notification you were not expecting, contact the sender through a different channel to check if it is real. Above all, trust your gut. If you suspect an email to be fraudulent, forward it right away to phishing@interac.ca.
Fraudsters will go to great lengths to try to legitimize phishing attempts, using company logos. Look for errors or strange typos in the text of an email notification, like the “$” sign appearing after (instead of before) an amount. And never send passwords or sensitive personal financial information over email or text.
When you receive a money transfer, read the message carefully. Fraudulent emails will often ask you to reply with a security answer. Consider setting up Interac e-Transfer Autodeposit, so that transactions are automatically deposited into your bank account.
How to Send Money Safely and Prevent Online Payment Scams
As Canadians increasingly send money online, here are a few tips to help prevent you from falling victim to online payment and money transfer scams:
- When you send a money transfer, only send money to people you know and trust – the same way you would with cash. That’s because an Interac e-Transfer transaction cannot be reversed once a recipient has deposited the funds.
- Always use a strong password that can’t easily be guessed or discovered – and make sure you share it via a safe channel.
- Suggest that your recipient set-up Interac e-Transfer Autodeposit for added security (and convenience).
When it comes to online marketplaces and other online sellers, take the same precautions you would with cash purchases. Check any security guidelines or policies outlined on the website to protect yourself. And consider using these tried-and-true best practices:
- Meet the seller face-to-face in a public setting, whenever possible.
- Never include the answer to the security question in the question itself.
- If you’re looking at leasing or renting, visit the unit before sending money.
- If the person you’re sending money to has registered for Interac e-Transfer Autodeposit, confirm their legal name before finalizing the transfer. There are two opportunities to see their name: when setting up the transfer and before the transfer is sent.
- Never disclose your Interac e-Transfer reference number (starts with “CA”) to anyone, even if they ask.
Always stay vigilant, because sending money via Interac e-Transfer is like sending cash.
Here are three common money transfer scams to watch out for:
1. Online Marketplace Scam: A fraudster lists something for sale on a popular online marketplace. This could be everyday goods or rare or hard-to-find items. The fraudulent seller asks for payment in advance and then never sends the item.
How to protect yourself? Don’t send money to anyone you don’t know. Look at seller reviews and ask to meet in person (in a public setting) before sending money.
2. Rental Scam: Someone poses as a landlord and says they’re not available or that they’re an intermediary for an absent landlord. They ask for a deposit on an attractive-looking rental, often through a money transfer. The would-be tenant discovers there isn’t actually a rental – and the deposit is gone.
How to protect yourself? Avoid “landlords” who don’t want to meet in person. Most importantly, never send money for a security deposit without confirming the legitimacy of the property in advance.
3. Romance Scam: A fraudster poses as a romantic interest. The new love interest asks for money for travel or to deal with an emergency. Eventually they disappear, and never repay the money they borrowed.
How to protect yourself? Be careful about sending money to anyone you’ve only known for a short time, even if you’ve become close.
These are only a few of the many (and increasingly sophisticated) payment scams out there. Interested in learning more? Read more here.
How to Be Proactive with Healthy Digital Hygiene and Checkups
Take a preventative, proactive approach against online fraud by practicing good digital hygiene. To help Canadians stay one step ahead of scammers, Interac designed a three-step digital health checkup, based on tips from industry experts and the Canadian government. We recommend using this self-care checkup every three months to identify and fix your weaknesses:
1. DIAGNOSIS
Discovering the problem is the first step toward fixing it. Kickstart your digital health with an evaluation:
- Audit your passwords for each of your online accounts (banking, social media, etc.) Ask yourself: Is each password strong, unique, and difficult to guess? Are you duplicating the same password across different accounts? Scammers will try to use your personal details to guess weak passwords or security questions.
- Check your social media privacy settings and examine your profile and posts. Ask yourself what a stranger could learn about you from just viewing them.
- Check your physical devices for data protection.
2. REMEDY
Once you identify any gaps, apply some quick fixes:
- Create strong passwords and optimize existing ones — using a mix of special characters and numbers in place of letters. Avoid obvious words and numerical strings. Often the strongest passwords are the ugliest. Change any passwords that are duplicated across multiple accounts. In fact, nearly three in 10 Canadians (27 per cent) continue to use the same, simple passwords across multiple websites.
- Manage your social media privacy settings and consider switching all your accounts to private. Do not accept follower requests from strangers on social media. When you post, be conscious about what you share online — including personal identifiable information.
Use anti-virus software on all your devices. Set up fingerprint or facial recognition and change your passcode regularly. Set your software and operating system to automatically install the latest security settings.
3. PREVENTION
Lock down your devices and accounts to make your digital security even stronger:
- Set up a password to log in to your devices.
- Wherever possible, set up two-factor or multi-factor authentication for all accounts and social media — starting with your banking app.
- Secure your network, by changing the default username and password on your Wi-Fi router. Remember not to use public Wi-Fi for transferring any sensitive data.
How to Avoid Phishing Attempts and Malicious Links When Working Remotely
As Canadians increasingly work in remote and hybrid ways, new cyber threats are also emerging. Employees and businesses need to stay vigilant to help spot the warning signs and avoid phishing attempts and malicious links.
Above all, embrace security in your day-to-day online activities. From clicking on links to interacting with data, incorporate the Stop, Scrutinize, Speak Up approach. Stop and scrutinize anything that feels questionable before you act. Pay careful attention to the source of all links before clicking on them. Fraudsters may impersonate your company’s own leaders, a charity, or other type of organization trying to solicit funds (and sensitive information). Meanwhile, hackers will exploit legitimate-sounding sources of information as lures for malware.
Here are a few tips for keeping yourself and your company safe:
- Look carefully at the URLs and addresses of any message that purports to be official.
- Implement multi-factor authentication (MFA) for all authentication requests over the internet.
- Use strong passwords and change them quarterly.
- Always use a reliable virtual private network (VPN) to create a secure connection to your
organization’s network. Avoid using open and public Wi-Fi networks. - Update your network devices with the most current policies and anti-malware software.
- Only use familiar, approved, and authorized apps on company-issued devices.
How Business Leaders Can Take a People-Centred Approach to Cyber Security
For business leaders, now is the time to protect and prepare customers and employees as they navigate an accelerated digital economy and increasingly sophisticated fraud attempts. This means adopting a people-centred approach to empower and support customers and employees as the first line of defence against cyber security attacks.
Businesses should take a two-pronged approach:
1. Focus on education to prevent the risk of attacks from happening in the first place. This means arming customers and employees before they go online and guiding their behaviour to protect against cyber security threats.
2. Recognize and accept the reality that people can and will make mistakes. From an operational and reputational standpoint, prepare for human error so that when mistakes happen, they have minimal impact on your consumers and business.
To help reduce the potential for threats and arm your people and customers against security risks, here are a few key tips:
- Build a cultural mindset that keeps security at the forefront. An important part of this is shifting the way employees perceive security in their day-to-day activities. Security should be everybody’s responsibility, not just a technical function. Employees need to become conscious of how they interact with data, so they don’t click too quickly on a link.
- Work your way backwards from possible scenarios to ensure your employees and customers can spot the early warning signs and deal with cyberattacks. Understand how people react to cyber threats — for example, by analyzing any past phishing attempts to find which were most successful and why.
- Remember that people-centric security extends to the individuals who configure your back-end infrastructure and secure your online environments. Make sure that security is part of the life cycle of the systems and applications you implement. This is becoming increasingly important for organizations, especially with the ever-growing shift to the Cloud and SaaS (Software as a Service) based applications.
What Interac is Doing to Prevent Digital Fraud
At Interac, we arm Canadians with the information they need to spot, avoid, and report fraud. We also work closely with law enforcement agencies and our own security partners to share a proactive approach for foiling digital scams.
We are connected to nearly 300 financial institutions, and over 280 government services using our verification and digital sign-in tools. This uniquely enables us to detect and prevent fraud patterns and empower Canadians to participate safely in an increasingly digital world.
Interac is one of Canada’s most trusted brands, thanks in large part to the security features built into our products and services. We have a long history of helping Canadians stay secure when transacting online, through world-class privacy, fraud mitigation, and expertise in governance and verification solutions.
At Interac, we enable Canadians to transact digitally with confidence — in service of greater convenience and control in a growing digital economy.
Here are some of the ways we work to protect you:
- Bank-grade protection: Interac e-Transfer users are protected with multiple layers of security, including transaction encryption and financial institution authentication.
- Sophisticated fraud detection and data protection tools: Our dedicated group of experts work around the clock to help financial institutions and partners monitor and flag patterns of fraud. This has contributed to making Interac e-Transfer one of the world’s safest digital money transfer services.
- Two-step authentication: To receive an Interac e-Transfer, you first need to sign into your online banking with your username and password, Touch ID, or Face ID. The second step is providing an answer to a security question that only you and the sender know.
- Pre-authentication: Interac e-Transfer Autodeposit enables you to pre-authenticate your email address or phone number to automatically deposit your funds and safely skip steps that involve passwords and security questions. Deposit times may vary depending on standard fraud checks by the sending and receiving financial institutions.
- Secure Interac Debit mobile payments: The Interac Token Service Provider (TSP) is what makes paying with Interac Debit on mobile so secure. When you add your debit card to your mobile device, a unique and random token is generated for every transaction. This means the actual card number is never shared or stored with the merchant. Among the first of its kind for a domestic network, the Interac TSP sets the standard for secure debit payments.