This website uses cookies to establish a secure connection and personalize your experience. By continuing you consent to the use of cookies. For more information and instructions on how to opt out of cookies, visit the Online Privacy and Interest-Based Advertising Statement. If you choose to opt out this message will continue to appear.

Online Policy Statement

3 min read

Protect yourself from one-time passcode (OTP) scams

At CWB, we're committed to helping you keep your money and personal information safe and your accounts secure. As part of our efforts to inform you about the latest security threats, in this article, we'll explain what OTP scams are and offer some simple tips to avoid them.

What is an OTP?

A one-time passcode or OTP is a temporary numeric code sent to you via text or email as part of the universal multi-factor authentication (MFA) process. MFA is an important security measure that significantly reduces the risk of anyone gaining unauthorized access to your accounts. What makes it so effective is that even if a fraudster obtains your password, they can't access your account without entering this one-time passcode.

 

The “bank investigator” scam... a new way scammers are targeting clients


Unfortunately, criminals are always looking for ways to bypass the latest security measures. They may contact you, pretending to be a representative from a bank, post office or other trusted entity, and request your OTP for verification purposes.

In the latest version, scammers are posing as bank investigators allegedly looking into suspected fraud. They say they want to help secure your account, and then they use this pretense to trick you into e-Transferring money to them.


Here's how the scam might unfold:

 

  1. You receive a call from someone claiming to be a bank investigator. They explain that your account has been compromised.
  2. They may have personal information that makes it seem legitimate, like your name, date of birth, or account details. They may even have information about a previous fraud of which you were a victim, such as a compromised credit card, to make the impersonation even more believable.
  3. They tell you that to protect your account, you need to send an e-Transfer to yourself. They’ll guide you through sending the e-Transfer to your cell number, often increasing your daily limit, often to $10,000, and provide specific security questions and answers for the transfer.
  4. Once you've sent the e-Transfer, they'll ask you for a code, consisting of the last portion of the e-Transfer URL or link. With this code, they can gain access to your money and transfer it to their own accounts.

Tips to protect yourself from OTP scams

  • Don't share your OTP

Never give out your code to anyone who contacts you by phone, text or email. Neither CWB nor any representatives of CWB will ever ask for your one-time code.

  • Verify contact information

Don't assume the numbers or names on your call display are accurate. Criminals can falsify that information using spoofing technology. If you receive a call, email or text from someone claiming to be from CWB or another financial institution, always verify their identity through official contact methods before sharing personal information.

  • Be skeptical

CWB will never ask you for help with an investigation or to withdraw money from your account for any reason. Neither will any financial institution or law enforcement agency. If you receive a suspicious call, hang up, block the number and report it immediately.

 

  • Don't be intimidated

If anyone tries to pressure you, uses threatening language or a sense of urgency, it’s a red flag! No one from CWB will penalize you for exercising caution.


What to do if you suspect a scam

If you suspect you’ve been a victim of a scam or have inadvertently shared your passcode with a fraudster, contact your CWB relationship manager or nearest banking centre immediately with the following information:

  • Describe the incident in detail and provide any fraudulent texts or emails you received.
  • If you have anti-virus or anti-spyware on your computer, providing the logs can be helpful.

Additional resources

Visit Security at CWB to learn more about how to stay safe online, including MFA, password best practices, setting alerts and more.

Sign up to receive the Canadian Bankers Association Fraud Prevention Tip newsletter via email to stay informed about the latest frauds and scams.


Your trusted partners in fraud prevention

CWB is committed to providing a secure banking environment and employing a comprehensive, multi-layered approach to protecting our clients from fraud and security threats. We prioritize the security of our clients' accounts through advanced technologies and provide resources to help you stay informed about fraud and security threats. Through collaboration with regulators, law enforcement and other financial institutions, CWB proactively works to address the growing challenges of financial fraud and cyber crime.