This website uses cookies to establish a secure connection and personalize your experience. By continuing you consent to the use of cookies. For more information and instructions on how to opt out of cookies, visit the Online Privacy and Interest-Based Advertising Statement. If you choose to opt out this message will continue to appear.

Online Policy Statement

Fraud prevention 3 min read

Cover your assets: how to spot online banking scams

Fight back against fraud. Learn to spot and protect yourself against the top three online banking scams.

Conveniences like online banking have improved our lives immeasurably, but they’ve also created a world of opportunity for criminals. Scammers are working 24-7 to find new ways to steal your data and gain access to your money. Here’s what you need to know to spot three of the most common scams—digital impersonation, fraudulent code requests, and phishing attacks—so you can fight back against fraud.

1. Fake emails, texts, or calls

Ever receive a message that didn’t seem quite right? Fraudsters use this tactic to try to trick you into revealing sensitive information by posing as someone you trust—a financial institution, shipping company (like Amazon or Purolator), government agency like the CRA or other reputable entity—through links or requests for personal data or login credentials.

How to protect yourself:

  • Always verify the sender’s identity before responding to unexpected messages via email, text, social media outlet or phone call.
  • Be skeptical of any urgent or threatening claims that appear to be from a financial institution, vendor, shipping company, law enforcement or government agency.
  • Unsure? Contact the institution or organization directly through known channels, like phone or email.
  • Avoid clicking suspicious links or providing personal or financial data to fake websites, including online shopping sites. Always check for “https” in the URL and the padlock icon in the upper left corner. When in doubt, close it out. 

2. Fraudulent verification code requests

This is a common tactic designed to exploit multi-factor authentication (MFA). Given the increasing importance of using MFA, this is especially dangerous. Fraudsters posing as customer service or even bank staff will try to gain access to your accounts by requesting verification codes. You will only receive a code when someone—either you or a malicious actor—has successfully entered your username and password and is one step away from accessing your account.

How to protect yourself:

  • Use MFA whenever possible.
  • Never approve an MFA request you didn’t initiate.
  • Never share one-time passwords or verification codes with anyone. CWB will never ask for your code.
  • If you receive an MFA code when you haven’t logged in to online banking, contact CWB to reset your password.
  • If you receive an unexpected request for your verification code, contact CWB immediately using a known phone number.

3. Phishing: don’t take the bait

An estimated 90% of data breaches are due to phishing attacks, using deceptive emails, text messages, phone calls, and websites to steal sensitive data like usernames, passwords, or financial details. Scammers also use sites like craigslist and Facebook Marketplace as in-roads to gain personal information and ultimately, commit fraud.

How to protect yourself:

  • Don’t share personal information through unsolicited messages or calls.
  • Never share your username and password with anyone. No legitimate provider will ever ask you for your code over the phone or by any other means for any other reason.
  • Double-check email addresses for slight variations or misspellings, common in phishing attempts.
  • Never click on links in emails or text messages from an unknown or unexpected sender.
  • Hover over links to preview the actual URL before clicking, ensuring they lead to legitimate sites.
  • Never click on sponsored search results when using Google or Bing. Threat actors often use this tactic to distribute malicious content and steal information. 

Forewarned is forearmed

The current threat landscape is daunting but, by staying vigilant, you can fortify your defenses against digital impersonation, phishing, and fraudulent verification code requests. Educate yourself and keep up to date on the latest fraud tactics so you can recognize and avoid them.

Remember, CWB will never ask for sensitive information through unsecured channels, so trust your instincts and verify any suspicious communication directly with a trusted contact at your banking centre.

Keeping your accounts safe is a shared responsibility, and together, we can create a more secure digital banking experience.

Reporting fraud attempts

If you suspect your accounts have been compromised, contact your nearest banking centre immediately.

 

More security resources