October is Cyber Month, and there’s no better time to educate yourself about emerging online dangers than by taking a few moments to increase your cyber literacy and learn about some of the newer scams that fraudsters are perpetrating using digital technologies.
Last year, the Canadian Anti-Fraud Centre (CAFC) received fraud reports totaling more than $554 million in losses, almost a 40 per cent increase versus 2021. Now consider the fact that the CAFC believes the majority of fraud goes unreported.
As the Chief Information Security Officer for the Bank, Glenn Foster has a unique vantage point for seeing potential cyber threats and scams. To help combat those threats, TD is investing in significant resources and advanced technologies to fight cyber crime.
“At TD we say we have a 'Cyber Guardian Culture.' An important part of that culture is our TD cybersecurity professionals who take pride in educating our colleagues by increasing their awareness about potential threats, and sharing information about how they can help to protect TD, our customers and themselves." Foster said.
"Colleagues also contribute to our security by reporting suspicious emails and participating in ongoing cyber literacy and cyber awareness training.”
Foster said the Bank and its customers are facing sophisticated threats as fraudsters look to leverage new technologies, including generative artificial intelligence (AI), to create convincing impersonations and deepfakes to trick their targets.
"These aren’t just things you see on TV anymore," he said. "They are here."
"We work hard with our own technology programs to stay ahead of fraudsters and the emerging threats they come up with. Ultimately, the human element is important as there’s only so much we can do to reduce the risk using technology. When the critical moment comes — when someone’s offering something that sounds too good to be true — we all need to take a moment to reflect and ask: Should I be handing over my credentials and other sensitive information?
The human element explains why TD works so hard to pass cybersecurity knowledge and experience to its customers, and the public at large, Foster said.
“It’s why we share fraud stories with our customers in our branches to help support their awareness, self-empowerment and protection,” he said.
"We also listen to their experiences and concerns, which helps us stay informed about the threats we all face, and helps us arm our customers and colleagues with the latest information. So, we’re going to continue working to help people become more aware of cyberthreats, and more prepared to deal with them.”
To help promote cyber literacy, Foster discusses five common scams and shows how to identify and avoid falling victim to each one.
Job scams
Job scams can arrive via unexpected text messages or emails from someone pretending to be a recruiter or hiring manager. Fraudsters will sometimes advertise these fake jobs on legitimate job search websites, in classified ads, and through direct email or texts, with fake offers of "easy money."
Once the fraudsters have offered their target victim a job, the employer (i.e. the "fraudster") convinces the victim to send them funds. The fraudster will often claim that these funds are either for training, uniforms or supplies for the job – none of which is true.
Another tactic fraudsters may use (once the victim has agreed to take the job) is to send the victim a counterfeit cheque with a convincing story about why they need them to cash the cheque and send back some of the funds.
A real employer will never ask you to send money upfront or request that you transfer funds to another party. Always research any job offers you receive and apply only through official company websites. If a potential employer is willing to hire you without an interview, if the job description is poorly written or vague, or if the job is offering "easy money," it may be a scam.
Learn more about how to avoid job scams in this TD Stories article here.
Phishing
Phishing is a method used by scammers to deceive you into giving away personal or financial details, such as your bank account information, credit card numbers, passwords, or Social Insurance Number (SIN).
Typically, phishing works like this: A scammer sends a message via email, text or voicemail, pretending to be from a trusted company. (And beware: Many scammers have really honed their graphic design skills, creating convincing logos and graphics that mimic those of a trusted entity.)
The message may claim that a problem requires your personal information to resolve it — say, your online order is delayed or that your bank account is frozen. When you click a link to provide personal information to "resolve" the issue, you’ve fallen for the scam.
The result can be identity theft, where scammers gain access to your banking details. They may attempt to open an account in your name or exploit your information to compromise your existing accounts.
To stop phishing before it happens, it's important to be careful about verifying messages you receive. For example, here is a TD Stories article about eight things your bank would never ask you.
In general, a few other things you can do to help guard against phishing include not clicking on suspicious links, keeping your apps and anti-virus software up to date, enabling two-step verification on your bank accounts and other services, and logging into services using biometrics – such as Face ID on iPhone – when available.
In this TD Stories article, you can learn more about phishing and how to avoid it.
Investment fraud
About a quarter (26%) of respondents said in response to a 2022 TD survey that they receive investment advice online from people they don't personally know, including via social media and/or direct messaging platforms. Fraudsters are taking advantage, by using social media and direct messaging platforms, to target people with investment scams. Targets can be tricked into “investing” large sums of money into fake investments with “get-rich-quick” promises — money that they will never see again.
This article from TD Stories explains how to avoid the pitfalls of investing scams: How to avoid investment fraud
Online shopping fraud
“Buyer beware” is a very old piece of advice that we should keep in mind when shopping online. From websites that post reviews from fake “customers” to sites that advertise items at prices that are too good to be true (in hopes of obtaining a customer's personal and payment information), there are unfortunately plenty of pitfalls for online shoppers.
At TD, fraud alerts are available at no cost on all TD Credit Cards and TD Access Cards. If your current mobile phone number is on file with TD, you will receive instant text messages notifying you if we detect suspicious activity on your TD Credit Card accounts and TD Access Card accounts.
But perhaps the simplest form of protection is the ability to recognize when a deal seems too good to be true — and opting to shop somewhere familiar and trusted instead.
Learn more about online shopping fraud in this TD Stories article here.
The ‘grandparent scam’
In this scenario, also known as the “emergency scam,” the caller pretends to be the grandchild of the person who answers the phone. The caller usually sounds upset or distressed, making their voice hard to recognize. (They may also use personal details gleaned from social media to try to convincingly impersonate the “grandchild.”) The caller claims to have been injured, involved in an accident or to be facing an emergency, and urgently asks for a money transfer. The scammer also begs the “grandparent” not to tell anyone.
Believing they are helping their grandchild, the victim often sends money to the fraudster posing as the grandchild. Since they've promised to keep it a secret, victims usually don't realize it's a scam until it's too late and the money is gone.
This article gives you steps to help spot and avoid the grandparent scam, starting with attempting to verify the caller using probing questions.
What to do if you’re the target of cyber fraud
The first thing is to remember that you’re far from alone, and there’s no reason to feel embarrassed.
Scams and fraud often go unreported due to the shame or embarrassment felt by the victim. Younger people may be especially reluctant to talk about being the targets of scams (or falling prey to them). A TD survey earlier this year found that 43% of 18- to 34-year-olds would be too embarrassed to tell anyone if they fell victim to a fraud or scam. Yet 41% were more likely to have been targeted by fraudsters through social media compared to older adult Canadians surveyed. The lesson is that anyone can be targeted and become a victim of a sophisticated online scam, and that includes the young and the digitally savvy.
“Another reason to speak up is because by doing so, you’re doing your part to help combat fraud. We learn from people’s experiences and can use that knowledge in the fight against cyber crime. So, for example, we encourage all our customers to send an email to phishing@td.com if they believe they’ve received a phishing email posing as a legitimate TD email,” Foster says. And if you suspect fraudulent activity related to your TD credit card, call the TD credit card support number (1-800-983-8472) immediately. You can also find this number on the back of your card.