Fraud Prevention: Watch Out for These Popular Scams
According to the Better Business Bureau's Scam Tracker data, the phone is still the top means of contact for scammers. Photo: Bloom Productions/Getty Images
From legit-looking emails and texts to robocalls, thieves are trying everything to defraud you. But you can fight back.
A quick look at three typical Canadians:
- Jane, a Toronto-based movie lover, is accustomed to seeing messages from Netflix about newly added films to watch. And so, it wouldn’t be odd to get an email, with the familiar red logo, to say her account needs updating.
- Meanwhile, Tom in Vancouver received a text message from someone at CRA about filing taxes. Given that it’s March, tax season, he doesn’t second-guess it.
- And then there’s Stéphane in Montreal, who regularly struggles with technology. He answers a call on his mobile phone from his Internet Service Provider’s tech support department, claiming they detected a virus on his PC.
As you might have suspected, all three of these scenarios are attempts to defraud Canadians, many of whom are Zoomers. Through email, text messages or phone calls, the bad guys are trying every means possible to defraud you.
But you can fight back. And you don’t need to be tech savvy or spend countless hours setting up a few security measures.
What better time than in March — “Fraud Prevention Month” — to go over the basics. The following is a look at how to up your game in only a few minutes.
Know they’re out there
The first tip is to be vigilant against the fraudsters.
Exercise common sense when reading emails and text messages. No respectful company will ever ask you to urgently confirm your identity by filling out forms. Never click on suspicious attachments or links.
Don’t trust anyone calling you that claims to be from CRA, a bank, Microsoft, your ISP, and so on.
If you’re really unsure, contact the company — like your bank — to ask if it really was them. Chances are, it wasn’t. (And use a phone number you already have for them or look it up outside of any number provided in a message or on a fraudulent call).
There are also social media scams, such as a legitimate-looking note from a “friend” over Facebook Messenger, that says they’re stuck in some city and need money right away. Sigh. Your real friend’s account was compromised and cloned.
Resist free public Wi-Fi, as you’re more likely to be hacked than you are browsing on a secure connection at home. Or use your smartphone as a personal hotspot instead.
When shopping online, stick with reputable retailers and before you type in your credit card look for indicators that the site is secure, such as a little lock icon on the browser’s status bar or a URL for a website that begins with “https:” (the “s” stands for “secure”).
Strong and unique passwords, passphrases
For all the tech you use, remember to have a strong password for all your accounts, which is at least seven characters long and a combination of letters, numbers and symbols (bonus points for adding upper and lowercase characters).
Never use the same password for all your online activity, because if a site or app is breached, then the crooks have access to all your accounts. Password manager apps, like Dashlane and LastPass, aren’t a bad idea.
Or you can use a passphrase instead of a password, such as “myd0gD#1!” (derived from “my dog Duke is no. 1”).
For online banking and shopping apps, opt for “two-factor authentication,” which not only requires your password to log in, but also a one-time code sent to your mobile device, to prove it’s really you.
Use the “private” or “incognito” mode of your browser, which deletes your history and cookies after your session. Better yet, consider a Virtual Private Network (VPN) app to remain anonymous when online. There are free VPNs to use, including Canadian ones like Betternet.
Protect your smartphone and tablet, too
As evidenced by all the calls and texts Canadians are receiving, cybercriminals aren’t just targeting you through your computer anymore.
A few ways to protect your information on a smartphone or tablet:
- Make sure you lock your device, in case it’s stolen or lost, by adding a PIN, password or biometrics option (like fingerprint or facial scan).
- Only download apps from reputable companies. When using apps, read the terms and conditions before granting permission to everything (for example, why does a puzzle game want access to your contacts or camera?).
- Set up the “Find my phone” feature, which lets you remotely wipe your phone’s data clean if lost or stolen, and see where you left it on a map (when logged into another device with the same login credentials). If it’s stolen, never try to retrieve it on your own – instead, contact the authorities.
- Robocalls are annoying, and even if you block the incoming number you’ll likely be called by several other “spoofed” numbers that look like they’re coming from your local area code. Some apps can help filter out phony calls, such as Truecaller or Robocaller. Never try to engage with any human or push a button to speak to an agent. Just hang up.
- And while it won’t be a “magic bullet” against robocalls, Canada this fall should implement a technology that could help cut down on fraudulent calls. It’s an advanced call authentication system with a James Bond-sounding name, STIR/SHAKEN, adopted by the U.S. last year. STIR stands for “Secure Telephone Identity Revisited,” while SHAKEN is an acronym for “Signature-based Handling of Asserted information using toKENs.” Carriers aren’t overly optimistic, though, at least in the short run, as you’ll need a supported smartphone to take advantage of it.
Have good anti-malware, stay updated
Just as you wouldn’t leave the front door to your home unlocked, you shouldn’t let your tech be vulnerable to attacks, whether it’s a virus (or other malware) that sneaks onto your device or a “socially engineered” threat (including ransomware and phishing scams) that deceives you into divulging confidential information.
Reputable anti-malware on all your devices – laptops, desktops, tablets, and smartphones — can identify, quarantine, delete, and report any suspicious activity. The most robust software offers a suite of services, including a firewall and encryption options.
Personally, I use one called ESET as it’s affordable, it works on several devices and includes “webcam intrusion detection” that alerts you if someone is trying to remotely access your camera.
Also be sure to set up automatic updates on all your tech, including your operating system, browser, plug-ins, and other software. You only need to do this once. For software that doesn’t allow for automatic updates, check them regularly.