Your cybersecurity: how you can protect yourself online

Key takeaways

• Fraud and cybercrime cost Canadians hundreds of millions of dollars each year.
• Cyber criminals use technology, emotions, and weak spots to carry out cybercrime, with AI making online scams more sophisticated and harder to spot.
• You can protect yourself by knowing what to look for and by practicing good online habits.

What are cyber scams?

Cyber scams are online scams designed to steal your money or your identity by gaining access to your financial accounts or sensitive information. They can target individuals like you as well as organizations, including the ones you deal with.

In Canada in 2024, fraud and cybercrime resulted in:

• 51,999 Canadians reporting some form of fraud
• 36,248 Canadians becoming victims of fraud
• $645 million lost to fraud

What do cyber scammers use?

Cyber scammers use various tactics, such as phishing, hacking, and fake content. What these tactics have in common are the use of technology, most recently artificial intelligence (AI) and social engineering, where they use your emotions against you, along with exploiting cybersecurity weak spots.

• The advancement of AI is making it easier for scammers to write convincing messages, design professional-looking emails and ads, and produce deepfake videos that look legitimate. They also have access to tools that allow them to mimic phone numbers, emails, and websites.
• Social engineering involves manipulating your emotions, creating fear or a sense of urgency to get you to react quickly and impulsively.
• Exploiting cybersecurity vulnerabilities, such as weak passwords or data security lapses, allows scammers to gain unauthorized access to accounts or entire databases.

Let’s look at some of the most common ways that cyber scammers try to get access to your accounts and information, how to recognize them, and how you can protect yourself.

What’s phishing?

Phishing is a tactic designed to trick you into giving away your sensitive or personal information using emails or texts from legitimate-looking sources, such as a business or financial institution you might deal with. This allows cyber scammers to log in to your accounts to access your money, make unauthorized purchases, or steal your identity to open accounts, get credit cards or loans, and create passports using your information.

Messages often use urgent or threatening language to get you to act impulsively and usually contain links or QR codes to fake websites where you’re asked to enter information such as your account password, date of birth, Social Insurance Number, PIN, security code, or credit card number.

The subject of the message can be a problem or an incentive, such as:

• A request from your bank to update your password
• A text about a tax refund or money transfer
• An urgent email about your computer’s security
• A prize from a contest you don’t remember entering
• An unsolicited offer for a new product
• A problem with an unpaid invoice
• An undeliverable package

How can you protect yourself against phishing?

• Learn to recognize phishing messages.
• Don’t react emotionally: If it’s an offer that seems too good to be true, it probably is. If the message is about a problem with an account or password, or something else, there are other ways to verify if the message is legitimate.
• Check the sender’s email address, as it often won’t match the organization’s domain name.
• Don’t reply or click on any links in the message. To check if a message is legitimate, contact the sender another way; for example, go directly to their real website or call their customer service.

What’s hacking?

This is how cyber criminals exploit security weaknesses to gain access to sensitive information. They can try to guess your bank account password, for example, or steal entire databases of personal information from companies, which they can then sell to other criminals.

Hackers will use:

• Weak passwords or passwords used on multiple sites
• Software vulnerabilities, especially in out-of-date software
• Malware, which is software designed to gain access to computer systems and networks

How can you keep your accounts safe from hackers?

Good password habits and regularly updating your software can help keep your accounts secure and protect your personal information online.

• Create strong passwords or passphrases that hackers can’t easily guess. Your cat’s name might be an easy password to remember, but it’s also what makes it easy to guess, especially if you post about your cat on social media. The same applies to names of family members, birthdays, anniversaries, or anything that’s widely known about you.
• Use multifactor authentication as an extra layer of security to make sure it’s really you who’s signing in. You can set up a security question that only you can answer, or have a code sent to you that you need to enter.
• Use different passwords for each site so that even if hackers manage to get your login information for one site, they won’t be able to access your accounts on other sites. Changing your passwords every few months will also make it tougher for hackers. Consider using a password manager to help you keep track.
• Update the software on all your devices regularly to fix the latest security issues.

What are investment scams?

These are scams that may promise you high returns to get you to put your money in fake or misleading investment opportunities. They usually come through unsolicited emails, text messages, or social media ads.

These scams could include:

• Offers for fake fixed-income investments, such as guaranteed income certificates, that look like they come from known companies and promise high returns
• Cryptocurrency buy-in offers that promise high returns in a short time, but usually steal your money and your personal information
• The pump-and-dump scam, which offers very low-priced stock that the scammer owns a lot of—when investors buy shares and the value shoots up, the scammers then sell their shares, leaving investors with worthless stock

How can you protect yourself against investment scams?

• Always be careful of unsolicited investment offers that promise high returns and pressure you to act quickly.
• Don’t click on the links in these offers, and look for fraud alerts about the investment.
• Check with your local securities regulators or your financial advisor to verify if the investment is real.

What other online scams should you be aware of?

Other common online scams are designed to trick you into paying for something that doesn’t exist or isn’t what it seems. For example:

• A text message offering you a job, but requesting payment for equipment or an administrative fee
• An email offering an attractive travel package at a low price and asking for a deposit
• A social media post about a charity asking for a donation

How can you protect yourself against these scams?

• Be skeptical of offers that are too good to be true.
• Research the organizations or sites the messages claim to be from, and don’t click on any links in the messages.
• When it comes to job offers, be suspicious if they ask for payment for anything. A job should pay you.

Staying safe

Protecting yourself from online scams and cybercrime starts with awareness, and you’ve already taken a big step by reading this article. You can further protect yourself by checking out available resources on staying safe online and being aware of current fraud threats. If this does happen to you, don’t hesitate to report the incident so it doesn’t happen to others.