Sign In
Sign In
Key takeaways:
These days, banking is easier than ever. We can manage our accounts, transfer money, pay bills and invest securely, all from our devices– anytime, anywhere.
But scammers are trying to take advantage of people being used to mobile and online banking to trick people out of their money. They will reach out with an “urgent” message, posing as your bank, law enforcement agency or government organization. Fraudsters will try to pressure you into disclosing sensitive information by sharing your bank card, logging into fake websites, or accessing your device remotely– all in the name of “investigation” or “security.”
Learn how to stay aware of these types of financial scams and take steps to protect yourself.
Scammers will try to impersonate your bank by sending you fraudulent emails, text messages (smishing) or phone calls (vishing). And with tech advances like caller ID spoofing or deepfake audio, it’s getting even harder to tell the difference between real bank representatives and fraudsters. Here’s what to watch out for.
Scammers pretend to be a bank investigator, retailer or law enforcement agency and claim that your bank accounts have been compromised. They’ll try to trick you into using your money to “assist with” a criminal investigation or ask you to wire or e-transfer money into a separate account to “protect your finances” while they complete their investigation.
Fraudsters reach out by phone or through text messages and emails, often using caller ID spoofing, hiding their name and phone number, or disguising their email address. They will pose as legitimate organizations like your bank and claim that your account has been impacted by fraud. They will ask you for sensitive information like your one-time password (OTP) to gain access to your accounts or approve unauthorized transactions.
A scammer pretends to be a bank representative or law enforcement and tells you your bank card has been compromised. They’ll offer to send a courier or officer to collect your card and PIN for their "investigation" with the assurance that you’ll get a replacement card once they have the compromised one. Sometimes, they'll ask you to cut your card, making sure not to damage the chip and send the pieces with your PIN in a sealed envelope. Once they have the card, they'll drain your account.
This elaborate sleight-of-hand scam happens at the automatic banking machine (ABM). Someone might approach you after you use the ABM and tell you that you forgot to “close out the transaction” or that there’s an issue with the machine. They’ll offer to help by asking for your bank card. While you’re distracted, they’ll watch you enter your PIN, cancel the transaction, and return your card. But what they actually do is swap your card with a fake one and walk away with yours to drain your account.
One of the most common ways scammers pretend to be your bank is through phishing scams. This is where they send fraudulent emails, text messages (smishing) or phone calls (vishing) claiming to be a representative from your bank.
They use fear tactics to try to trick you into sharing sensitive personal information like your bank account number, personal identification number (PIN) or bank card details and ask you to click on a bad link or download a malicious attachment.
How can you tell which communications are genuine and which ones you should steer clear of? Here are some telltale signs to watch out for:
- The ‘need it now’ wire transfer request – A text or email that urges you to make an immediate wire transfer to someone you don’t know is a major red flag. They may also instruct you to buy cryptocurrency or gift cards to “protect” your money. Fraudsters create a sense of urgency, convincing you to act fast to avoid financial loss, leaving you no time to think critically.
- A 'surprise' call or text from your bank – Be cautious if you get a phone call or text message asking for sensitive information (especially if you didn’t initiate the communication). Fraudsters may also spoof phone numbers to make the call appear real.
- A visit from your bank – Your bank will never send someone to your home to collect your bank card or money.
- Suspicious links or attachments – Be wary of emails or text messages with links or attachments. Fraudsters often disguise harmful malware that can infiltrate your device, giving criminals access to your sensitive information.
- 'Dear client' greeting – Your bank typically addresses you by name. Fraudsters will often use a generic opening to capture more unsuspecting victims.
Tip: If something feels off, always reach out to your bank directly using the official contact information on your bank card, their website or your bank statement.
Your bank might need some personal info to confirm your identity and provide services, but there are strict rules about what they can ask and how they can ask it.
A smart way to protect yourself? Know what your bank would never ask you to do. Here’s what they won’t ask for when they contact you:
Your full account number – Whether by email, text or phone call, your bank will never ask you to give your full bank account or credit card information. Typically, they’ll only need to verify partial details when you contact them directly.
Your PIN or password – This information is for your use only at automatic banking machines (ABMs) or for point-of-sale and online transactions.
Personal details about your family – Asking for information about your family members or other contacts is likely an impersonation scam attempt.
Click on suspicious links or give remote access – Your bank will never ask you to access a website to update your information or reset your password. They also won’t threaten to terminate your services, ask to access your computer remotely or install software to enable remote access.
Participate in an investigation – Your bank will never ask you to withdraw money or conduct transactions for fraud investigations.
Turn over a bank card – Bank cards are never hand delivered and your bank will never ask you to meet someone to hand over a bank card.
Enable two-factor verification (2SV) – Even if someone gets access to your password, they still can’t log in without a second form of authentication (usually a code sent to your phone or email address).
Tip: Most banks offer 2SV as a free security feature, so enable it wherever possible.
Create a passphrase – The strongest and most reliable form of password you can create is called a “passphrase". A passphrase is created when you take a sentence or phrase and convert it to a password. Remember, the longer your password is, the harder it is for hackers to crack!
Tip: Don't use the same password for more than one account.
Monitor your accounts – Regularly review your bank statements and credit card account activity so you can quickly spot if something seems off.
Tip: Set up transaction alerts through your bank app to notify you of any suspicious activity.
Secure your devices – Enable lock screens, use biometric authentication (fingerprint or facial recognition), and install antivirus software. These steps add extra protection if your phone or computer is lost or stolen.
Tip: Regularly update the software on your device to protect against cyberattacks.
Call your bank directly – If you do receive a call claiming to be from your bank, ask for a reference number or a file number, wait 10 minutes before calling back, using the phone number at the back of your bank card.
Be social media savvy – Limit the personal information you share online. Fraudsters can use details like your birthday, pet’s name or location to guess security questions or gain trust for impersonation attempts.
Tip: Adjust your privacy settings on social media to keep your posts and personal details more private.
If you think that you’ve fallen victim to a scam, take these 3 steps.
- Call your bank immediately using the number on the back of the card, and notify other financial institutions to let them know of the security risk. If you are a Scotiabank customer, call 1-866-625-0561 right away.
- Change your PIN and passwords to limit the amount of time scammers have access to your accounts.
- Report the incident to the Canadian Anti-Fraud Centre and your local police department.
Bottom line
Scammers are getting more sophisticated, but so are the tools you can use to protect yourself. Take steps to stay aware, stay informed and always double-check if something feels off.
