We've all received those scary sounding text messages and emails claiming to be from our bank or other service provider. The person calling says that your account has been locked, or that you need to send them a money transfer, and that you need to click this link and enter your personal information as soon as possible, or else.
In the moment, you might panic. That’s what the fraudsters are counting on. But be sure not to click any links, open any attachments, or enter your personal information – it's a scam.
These are phishing scams.
What is phishing?
Phishing is a tactic used by fraudsters to trick you into sharing your personal or financial information such as credit card or bank account numbers, passwords or your Social Insurance Number (SIN).
Here's how phishing often works: a scammer sends you an email, text, or voice message that appears to be from a legitimate company – for example, claiming that your online order is delayed, or that your bank has frozen your account – and tells you that you need to click a link and enter your personal information to "unlock" your account or access information about your order.
Providing personal information through phishing can lead to identity theft, which can result in a fraudster gaining full access to your banking information. Scammers often try to open credit products under your name at different financial institutions or use the information to compromise your accounts. Clicking on phishing links can also lead to viruses and malware, which can infect your computer and corrupt its data.
In 2021, the Canadian Anti-Fraud Centre (CAFC) received 7,190 reports of phishing, where 1,597 people were victims. From January 1 to August 31, 2022, the CAFC received 6,364 reports of phishing, where 1,538 people were victims. However, the CAFC estimates that only 5% of scams and fraud are reported.
How to protect yourself from phishing
To stop fraud before it happens, it's important to be careful about verifying messages you receive. For example, here is a TD Stories article about eight things your bank would never ask you.
In general, here are a few other things you can do to help guard against phishing:
1. Don't click on suspicious links: If you do a lot of online shopping, look out for suspicious text messages or emails claiming there's a problem with your account or your payment information or that your order's delivery is delayed. In these situations, the fraudsters will often send you an email or text message that appears to be coming from a courier service. Use extreme caution when receiving messages with links or attachments, especially unsolicited messages. Do not download attachments from unsolicited messages.
2. Contact the company directly: Beware of online ads – they may not be legitimate, or they might redirect you to a malicious webpage. Rather than clicking on the link provided, go directly to the retailer’s website and look for the product. When in doubt, always contact or visit the company website through the contact details you know are legitimate.
3. Keep your apps up to date: Make sure to keep your applications and anti-virus software up to date. Only download applications and updates from legitimate app stores such as the Apple Store or Google Play Store.
4. Enable two-step verification: When you enable two-step verification for your bank accounts at TD, you'll receive a one-time security code so that TD can confirm who you are for your online or mobile banking. You can choose when you want to receive a security code (for example, when you reset your password or log in from an unfamiliar device) or receive one every time you log in. This helps confirm it’s really you who is accessing your accounts and helps protect your personal information.
5. Log in using biometrics: You can also use biometrics to log in to the TD app by using Touch ID or Face ID on iPhone, or Fingerprint, Face, or Iris scan on Android. Unlike passwords, which can be compromised and used by third parties without authorization, biometrics – such as facial recognition or fingerprint ID technology – offer a higher level of security as only your face, finger, or eye can be used to log in to the TD app, and it also helps make the authentication process faster.
6. Check out these resources: For additional resources on types of fraud, fraud prevention, and how to report online fraud, visit the TD.com Privacy & Security Page – Ways to Protect Yourself from Common Frauds and Scams. If you think you've been the victim of a fraud or scam, you should report the incident to the Canadian Anti-Fraud Centre, which also provides information on current and past scams affecting Canadians.