5 expert tips to protect yourself from financial fraud when the banks won't

1 month_ago 34

Canadians are being drained of their beingness savings by scammers — and galore are shocked erstwhile their banks garbage to reimburse them.

Bank fraud is simply a important interest successful Canada, according to the Canadian Anti-Fraud Centre. Every week, Go Public hears from radical whose accounts person been emptied by fraudsters utilizing everything from phishing emails and fake banking apps to telephone spoofing, hacked passwords and unauthorized e-transfers.

All excessively often, investigations by fiscal institutions extremity not with accountability, but with banks blaming the precise customers who trusted them with protecting their money.

  • Got a communicative you privation investigated? Contact Erica and the Go Public team [email protected]

"It's precise disappointing," said Claudiu Popa, a cybersecurity adept who's spent decades investigating cybercrime and educating the public. 

"Banks look to beryllium protecting themselves and their ain reputations, alternatively than trying to remedy a situation."

Popa says he's seen firsthand however criminals exploit mundane habits and information gaps. To help, he's sharing 5 tips that tin trim your hazard of becoming the adjacent unfortunate of slope fraud.

WATCH | How to respond if you've been defrauded and your bank's blaming you: 

Hit by fraud, but the bank's blaming you? How to support yourself

CBC News reporting reveals that banks are progressively blaming customers for falling unfortunate to fraud and errors involving their accounts. The National's Erica Johnson asks cybersecurity adept Claudiu Popa to interruption down the existent risks and what Canadians request to cognize to support their money.

1. Use strong, unsocial passwords

The archetypal extremity is the astir basic: alteration your password regularly — each 3 months is recommended — and marque it unique. 

According to password manager NordPass, the astir communal password utilized successful Canada and dozens of different countries successful 2025 is "123456." The 2nd astir communal password? "123456789." 

Popa says we should halt reasoning of passwords arsenic abbreviated codes, and alternatively deliberation of them arsenic memorable passphrases. 

"Choose your favourite enactment from a movie oregon poem oregon whatever, and sprinkle successful immoderate idiosyncratic punctuation," helium suggested. Something like, H@staLaV1staBaby!

Make definite it's 15-20 characters, and ne'er reuse passwords crossed antithetic websites. Reused passwords are 1 of the astir communal ways criminals tin summation entree aft a information breach. 

He besides recommends utilizing a password manager to store passphrases, truthful you tin conscionable transcript and paste them, alternatively of typing them out.

"Viruses latch onto the keyboard and way the keys you're typing, which it can't bash if you're pasting it directly."

2. Enable two-factor authentication, relationship alerts

Even the strongest password isn't capable if a hacker gains entree done a information breach oregon phishing scam — which is wherefore Popa says two-factor authentication (2FA) is truthful important.

It adds a 2nd furniture of security, typically done a codification sent to your instrumentality oregon generated by an authentication app. 

"It needs to beryllium a abstracted platform, truthful that's wherefore you should ever effort to person a antithetic instrumentality that you're getting your 2nd origin on," said Popa.

Graphic showing logos of Canada's large  5  banks.

None of Canada’s large 5 banks let users to acceptable up two-factor authentication for each transactions. (CBC)

He advises against utilizing SMS substance messages for 2FA erstwhile possible. Instead, opt for a unafraid authentication app similar Google Authenticator oregon Microsoft Authenticator.

Also crook connected each disposable relationship notification — for logins, password changes and transactions.

"Time is of the essence erstwhile you get defrauded," said Popa. "The sooner you find out, the much apt it is that your banking instauration volition enactment with you, alternatively than support themselves against you."

Go Public asked the large 5 banks — BMO, CIBC, RBC, TD and Scotiabank — if they let customers to acceptable up two-factor authentication. All said they springiness users the enactment to get codes via substance message, which the Canadian Anti-Fraud Centre says are susceptible to being intercepted. 

All the banks besides connection a much unafraid enactment — propulsion notifications sent done their mobile apps. But lone TD offers an authenticator app, which Popa says should beryllium modular successful the industry.

Popa besides thinks customers should person the enactment to acceptable up two-factor authentication for each purchases wherever a carnal paper is not utilized — not conscionable erstwhile they log successful to their online banking. 

Currently, nary of Canada's large 5 banks connection that. The banks bash let customers to acceptable up alerts for each transaction, truthful they tin cognize close distant if there's a fraudulent charge. 

3. Guard idiosyncratic information

Bank fraud doesn't ever impact hacking. Scammers often instrumentality radical into handing implicit accusation themselves.

Popa says societal engineering scams, phishing emails and telephone scams are becoming progressively sophisticated. 

One communal maneuver radical person written to Go Public astir is telephone spoofing.

Graphic of manus  holding a smartphone with an incoming call.

Fraudsters often manipulate caller ID, a process known arsenic 'spoofing,' to marque it look similar idiosyncratic from your slope is calling you. (L.J. Cake/CBC)

Fraudsters marque it look arsenic though they're calling from your bank, past inquire you to corroborate details similar your login credentials oregon relationship fig to "prevent fraud." 

They mightiness besides inquire you to stock a "one-time passcode" sent to your phone. 

"Many of these scammers intentionally marque these calls astatine dinnertime due to the fact that you're engaged doing thing else, due to the fact that your slope subdivision mightiness beryllium closed, due to the fact that it happens to beryllium a weekend," said Popa. "They cognize precisely however to play with your emotions and your instincts."

Never stock your passwords, PIN, one-time passcodes, oregon banking accusation with anyone who contacts you unexpectedly, either by phone, substance oregon email. 

Popa advises calling your slope straight utilizing the fig connected their authoritative website oregon your slope card. And don't click links successful unsolicited messages claiming to beryllium from your bank, helium warns. Many pb to fake websites designed to bargain your credentials. 

4. Avoid nationalist wi-fi for banking

Checking your relationship portion astatine a café mightiness look harmless — but nationalist wi-fi is 1 of the riskiest ways to entree fiscal information, Popa warns.

Hackers tin usage "man-in-the-middle" attacks to intercept your connection, bargain your login credentials, oregon adjacent instal malware.

Instead of relying connected wi-fi, usage your cellphone information plan, which is much unafraid oregon link done a trusted VPN (Virtual Private Network), which encrypts and protects your information.

WATCH | Do banks bash capable to compensate customers who are victims of fraud?

Why fewer slope fraud complaints pb to compensation

Sarah Bradley, the ombudsman and CEO astatine Ombudsman for Banking Services and Investments, responds to a study that recovered lone a 4th of banking complaints resulted successful monetary compensation successful 2023.

5. Be cautious with banking apps

Banking apps are convenient — but they tin besides airs risks, particularly if downloaded from unofficial sources oregon utilized connected devices with different inheritance apps.

Many cybersecurity experts Go Public has spoken to — including Popa — diminution to slope connected their phone.

Person typing connected  laptop portion    holding a recognition  card.

Cybersecurity adept Claudiu Popa urges radical to ne'er usage nationalist wi-fi for banking. (Shutterstock / Yulia Grigoryeva)

"Many apps tin tally spyware oregon malware without your knowledge," Popa said. "They tin instrumentality screenshots, way your enactment oregon bargain your credentials."

Popa's proposal if you bash usage mobile banking: lone download apps from the Apple App Store oregon Google Play Store. 

"Those are the lone app stores that should ever beryllium trusted with immoderate apps astatine all," helium said.

Better yet? Consider utilizing your bank's website connected a unafraid browser astatine home.

Bonus tips

Also see implementing these further information measures:

  • Monitor accounts regularly. Check your slope statements and transaction past often to drawback suspicious enactment early.

  • Shred fiscal documents. Don't flip slope statements, cheques oregon recognition paper offers without shredding them first.

  • Secure devices. Install antivirus software, alteration automatic updates and usage surface locks connected each devices that entree your fiscal accounts.

A preventable crime

Bank fraud tin consciousness overwhelming — but it isn't inevitable. Popa says tiny changes successful however you negociate accounts and devices tin marque you a acold little charismatic target.

"You can't power what banks do," helium said. "But you tin power however casual it is to scam you."

Submit your communicative ideas

Go Public is an investigative quality conception connected CBC-TV, vigor and the web.

We archer your stories, shed airy connected wrongdoing and clasp the powers that beryllium accountable.

If you person a communicative successful the nationalist interest, oregon if you're an insider with information, contact [email protected] with your name, interaction accusation and a little summary. All emails are confidential until you determine to Go Public.

Read much stories by Go Public.

Read astir our hosts.

read-entire-article