Every year, Canadians lose a few hundred million dollars to financial fraud. And not just the ones who hobnob with deposed Nigerian princes who desperately need your help to secure their family fortunes. Plenty of savvy people get cheated, too. They’re tripped up by scammers employing a wide range of tricks: impersonating bank employees, using AI-generated photos and video, falsifying IDs and official-looking documents, and preying on momentary lapses in judgment caused by fear, confusion, or excitement.
It’s all very scary, and with new scams popping up all the time, it’s hard to know what to do. So we thought it might be easier to tell you what not to do when faced with some of the most common financial fraud techniques out there. If you keep these things in mind, you’ll be much more likely to protect yourself.
Just click this link and enter your SIN to access the tips. (That was a test. You passed. The tips are below.)
#1. Give your verification code to absolutely anyone who asks.
No one needs to see the two-factor authentication code you use to get into your account — not your bank, your financial advisor, your mom, or your clergyman. Never, ever give it out. If an attacker knows where you bank, they can easily pretend to be an IT specialist who needs your email address and 2FA right now to prevent someone from hacking your account. In an instant, they’ve accessed your account, changed your password, and locked you out.
Financial institutions tend to monitor suspicious account activity like 2FA sharing, even if no money changes hands, so it’s possible for them to proactively lock down your account. But — and this one is a cliche for good reason — you are your own best line of defense.
#2. Dip your card in any old card reader, even the sketchy-looking ones.
If an ATM or credit card terminal looks broken, tampered with, or otherwise out of whack, find another one. Bad guys can install a device known as a skimmer inside a point-of-sale terminal to secretly record your card data, sometimes pairing it with a camera keyboard cover to get your PIN. And they can often do it all so quickly that the store or ATM owner has no idea. You probably won’t even know your account has been compromised until your account begins to drain, but there are a few things you can do to prevent an attack.
If you’re using a card with a chip, you’re already in relatively good shape. Chip cards tend to be less susceptible to skimming than the ones with the old-school magnetic strip. To avoid pinhole cameras capturing your PIN, always do your best to cover the keypad with something (your spare hand, a newspaper, a six-inch meatball sub, etc.) when typing it in.
Enter your PIN here to see if it’s been involved in a data breach. (That was Test #2. Good for you.)
#3. Join MarkMillions2213’s ‘0-$1M NO FEES INVEST TODAY’ WhatsApp group and follow his instructions blindly.
This is a modern variation on a centuries-old scam known as a pump and dump. An attacker buys into a bunch of penny stocks to the point that they can meaningfully push their values up or down. Then they pretend to be a market whiz willing to offer “advice” to anyone who signs up, sometimes while paying a small fee. At first, participants see decent daily returns. Until, suddenly, they don’t.
Turns out, these penny stocks aren’t actually valuable beyond the hype generated by the attacker. Clients pile in on the attacker’s advice, pushing the price higher. But once these otherwise dirt-cheap stocks hit a record high, the attacker sells their holdings for a tidy profit, sending the value of the stock plummeting, and then disappears.
The biggest red flag of a pump-and-dump scam is a promise of no-risk, high-return investments. Financial institutions report these sorts of scams whenever possible, but a little discretion will save you a lot of pain — and money.
#4. Pay a crypto recovery service for pretty much anything.
First off, you should never give anyone the keys to your crypto wallet or transfer crypto as payment to anyone you don’t know (unless you’re just dying to get fleeced). But if you somehow do experience a temporary lapse in judgment and lose your crypto, don’t make it worse.
Yes, a quick Google search will turn up a bunch of businesses claiming to recover lost or stolen crypto — often for a hefty fee. But here’s our considered, reasoned analysis of every single one of those businesses: A-1 horse pucky. Most financial institutions, and even law enforcement agencies, have a tough time tracking down hot crypto. So those sites with super-long, often-changing URLs and stock photos of guys in ill-fitting suits don’t have a chance. If you do get scammed out of your crypto, instead of throwing good money after bad, report it to the Canadian Anti-Fraud Centre. And ask your friends to cross their toes.
#5. Click a ‘Wealth Simply’ ad offering an exclusive deal!
Like you may have heard the Ting Tings sing incessantly in the mid-aughts: that’s not my name.
The scam: an attacker sets up fake ads promising some kind of reward or promotion from your financial institution. Click on it, and you find yourself at a (sometimes very convincing) fake login page, often incorporating a fake 2FA login. Once you’ve entered your username and password, the attacker then uses that information to log into your actual institution’s actual login page. When that triggers a 2FA request from your real bank, the scammer just waits for you to send the six-digit code through the fake website — before ultimately unlocking your account and helping themselves.
Here’s a tip: always check the URL before entering your username or password. Fake login pages may look really, really similar, but the URL is usually a letter or two off. (You don’t have any business with the Bank of Cranada.) If you use a password manager, that adds another layer of protection, since it shouldn’t prepopulate your login information on a fake page.
Financial institutions report fake ads to social media providers, identify potential fraudulent withdrawals, and alert clients to known phishing scams, but your own healthy sense of suspicion is key. If you’re worried you clicked through a fake login page, immediately reset your password and contact your bank.
#6. Ignore every alert from your Equifax or TransUnion account.
Who’s keeping score, right? They are. And if your credit score is suddenly tanking for no clear reason — you didn’t take out a loan, stop payment on a card, or take your relationship with your debt collectors to “first-name basis” — it can be a clear sign of identity theft. Most people don’t even realize they’ve been taken advantage of until they get a call from their financial institution, or, even less fun, the cops.
In the age of AI, the stakes are even higher. Attackers can swipe photos from your social media accounts and use them to create phony IDs. Deepfakes and voice cloning capabilities compound the problem. It’s not quite the dystopian future Face/Off warned us about (and not nearly as entertaining), but it’s close. If your credit bureau is concerned enough to check in, it’s time to start sniffing out potential impostors.
What to do if you’ve been defrauded or scammed
Let’s get serious for a moment. Falling victim to a scam or fraud is one of the most painful financial hardships you can experience. It’s normal for victims to feel paranoid, embarrassed, or enraged. Those emotions can have real, lasting consequences. If you’re unable to process what happened and can’t see a way out, please reach out to a mental health service line like 998.
An unpleasant reality is that most victims don’t report fraud or scam losses, owing mostly to the embarrassment. You’re a smart, careful person, after all. How could this happen to you? The truth is, at some point, in one form or another, it happens to most people, and reporting the bad actors is one of the only ways to protect yourself and others.
The sooner you inform your financial institution, law enforcement, or the Canadian Anti-Fraud Centre of what’s happened, the more likely they are to recover any losses and/or prevent others from falling victim to the same attacker.
