Financial fraud: are you covered?
Margaret Montgomery, Content Specialist
I always thought I was pretty good at identifying things that are “too good to be true,” like emails from someone pretending to be my boss, asking if I can run an errand for them or wire money. Recently, however, I’ve seen things that are way too convincing; messages about promotions at stores I frequently shop at, or alerts informing me that someone has logged on to one of my accounts. I feel like it’s becoming harder to tell what’s safe to click on and what’s not.
Ultimately, financial frauds and scams are about fraudsters trying to get access to your information so they can take your money or commit identity theft. Online scams are hard to detect and keep up with, though. Most often, people fall for authentication attempts which fraudsters use to get access to your login information. Learn more about financial fraud, how to identify scams and what to do if you’re targeted.
Phishing and social engineering attacks explained
The most common type of online cyber fraud attacks are phishing attacks that use social engineering methods, according to Alireza Zohourian, research assistant at the Canadian Institute for Cybersecurity. If you’ve ever received a text message from someone claiming to be your bank, alerting you that you have a suspicious transaction on your account or that you need to pay a bill immediately – you’ve received a phishing attempt.
But there are other forms of phishing attempts that have emerged. There are some fake financial applications that lure people in with online advertisements promising to manage your money for you, Zohourian says. But when you sign up and give them your banking information, the fraudsters end up stealing your funds. One example are fake cryptocurrency platforms and websites that are designed to look legitimate. These types of scams have emerged since crypto has gained popularity. The scammers may ask for an upfront fee to use the platform and then proceed to defraud you.
“The main approach that bad actors have is to try to persuade you to do something right now, in order to promote some urgency,” says Zohourian. Think anything like pressuring you to take advantage of a once-in-a-lifetime opportunity, or an urgent alert asking you to transfer funds or validate a transaction that doesn’t come directly from an authorized bank representative or other legitimate organization using a legitimate URL.
Spear phishing scams and AI
Spear phishing is related to the rise of AI scams. “Using AI they can create even better phishing emails, fine tune them, and basically get past the traditional security measures in place,” Zohourian says.
Zohourian mentions a recent scam where a fraudster used AI to mimic the voice of an upper executive at an energy company, tricking the CEO into sending money to a fake supplier. There are more examples where scammers use AI to sound like a friend or family member urgently needing money to get out of a bad situation.
With these examples, although the methods are different, there is both the element of urgency and the objective is to take your money or your personal information in order to access your funds or use your identity.
If debit or credit card fraud happens to you, are you covered?
If you think one of your financial accounts, like your credit card or chequing account, has been compromised, report it to your bank immediately. The quicker you act, the faster they can start their investigation. If it’s a case of credit card fraud, you should also contact Transunion and Equifax to try and ensure the fraud doesn’t affect your credit score.
There are two separate scenarios for financial fraud with different outcomes, as defined by the Ombudsman for Banking Services and Investments (OBSI), a firm that resolves disputes between baking or investing firms and their customers.
- Fraudulent transactions not authorized by the consumer
2. Transactions that the consumer authorized (scams)
Let’s look at an example for scenario 1. If you lost your credit card, then someone began using your card for purchases without your knowledge, your card’s zero liability policy would refund you for the unauthorized transactions as long as you reported it right away. The same outcome applies if someone stole your login information or card details from the internet without your knowledge. In this case, card issuers like Visa, Mastercard and American Express will refund you if you took reasonable measures to protect your information. This applies to both credit and debit cards that are issued by providers like Visa or Mastercard.
Keep in mind though, you have certain responsibilities to protect yourself against unauthorized card use. According to the Financial Consumer Agency of Canada, you may not be refunded for unauthorized transactions or losses if you:
- use an obvious PIN like your date of birth or phone number
- gave your card’s PIN to someone else, (friend or family member)
- keep a written record of the PIN near the card (writing your PIN on the back of the card)
- didn't report your card as being lost or stolen in a timely manner, specified by your agreement with your bank or financial institution (usually 30 days)
- refuse to cooperate in the investigation of the suspected fraud
- made fraudulent transactions with your card
- didn't take reasonable steps to protect your PIN or information
In scenario 2, however, things can get a bit more complicated. You still have the responsibility to report suspected fraud or scam to your bank or financial institution right away. If you knowingly clicked on a phishing link from a text message for example, the bank may decide that you are responsible for the resulting losses, unless you notify them before a fraudulent transaction happens (a.k.a, as soon as you click on the link and arrive in a suspicious portal or website.) Once you expose your information to fraudsters by clicking on suspicious links or revealing personal information like account numbers, they may be able to access your account or information on your device.
Your rights as a consumer
If you were a victim of fraud or a scam and you feel that you have not been treated fairly by your bank, you can make a complaint to the OBSI and they may conduct an investigation.
The OBSI describes a case involving a woman who clicked on a phishing link in a text message, reported it to her bank immediately, and then later saw that a $3,000 e-transfer was made without her knowledge. Her bank claimed that they were not liable because she didn’t use reasonable security practices, but the woman said that she had called to notify her bank well before the transaction occurred. The OBSI found that the bank was responsible for refunding the woman for the suspicious e-transfer, and the bank agreed. Her money was returned to her account.
However, in another case of crypto fraud, an investor was contacted by a fraudulent company and promised high returns if he agreed to transfer bitcoin to the firm. As he was exchanging his money for crypto through a legitimate cryptocurrency dealer, the platform sent him several automated notifications warning him of fraud, which he ignored. When his money was stolen by the fraudsters behind the fake crypto firm, he was found to be liable for losses because he ignored warnings from the crypto dealer and failed to protect his personal information.
BMO fraud investigation
A group of 140 customers are planning to sue the Bank of Montreal after losing tens of thousands of dollars each, in some cases, from fraudulent transactions they didn’t authorize. The BMO fraud investigation, conducted by the OBSI, concluded that the bank was not responsible for reimbursing customers because consumers somehow gave the fraudsters access to their account information, possibly by clicking on a phishing link. It is suspected that malware (a virus which infects your computer and can access all of your personal information) may have caused their account details to be leaked. The OBSI concluded that BMO had fulfilled its obligations. The outcome of the lawsuit could influence future banking fraud investigations, however.
How to protect yourself from financial fraud and scams
Always protect your personal information online and in-person. Hide your pin, and avoid conducting online banking transactions on public or unsecured wifi networks. Don’t make purchases on websites you don’t trust, and use secure passwords. Set up two-factor authentication wherever possible and turn on notifications to alert you of any logins to your account so you’re aware of what’s happening. Check your bank or credit card statements regularly. If you see something unusual, call your bank or financial institution right away.
If you receive a suspicious phone call from someone claiming to be a friend, coworker or banking representative, Zohourian recommends hanging up and calling the person on the number you have saved in your phone to ensure it’s actually them. Always use the phone number on the back of your credit or debit card or in your mobile banking app to contact your bank, not just any phone number you find on the internet.
If you receive an email or text message with a link, always slow down and examine the URL before clicking on it. Does it match the URL for the official company website, or has someone added special characters to the URL like dashes or numbers? Resist the sense of urgency scammers use to try and get you to comply.
These are all great reactive responses to help prevent financial losses from fraud. But it’s important to be proactive and aware of emerging scams to prevent losses. “The bottom line is we should start educating ourselves. We need this self-education on cybersecurity as a culture,” Zohourian says.
You can start by reading the Cyber security & fraud prevention learning guide from the Canadian Bankers Association. They also offer four free quizzes designed to help you spot phishing scams and look for telltale signs of fraud online. The government of Canada also has several resources on their Get Cyber Safe portal. Share your knowledge with family and friends too. The more educated we are on financial fraud, the better we can protect ourselves and prevent costly losses.