Close

 

 

 

Home Consumer Information Safeguarding Your Money Staying Safe Online

S M L

Staying Safe Online

Last modified: 29 October 2009PrintE-mail
On this page:

The Internet has made it easier than ever to conduct business, and manage our finances with greater speed, efficiency and convenience.  It also allows us to communicate with friends and family through social networking sites such as Facebook or Twitter, and to seek-out and establish virtual communities with others from around the world.

Unfortunately, criminals also use the Internet to try to gain access to personal information, such as passwords, personal banking and credit card details and social insurance numbers.  Once the criminals have obtained this information, it can be used or sold to others to make fraudulent transactions.

Banks and other businesses have sophisticated security systems in place to protect your personal and financial information and provide you with a safe online environment. Criminals know these strong protections are very difficult to overcome, so they try to get your confidential information directly from you.  To avoid becoming a victim, it is important to understand what kinds of scams are out there and how you can protect your home computer and your personal information.

What are Internet criminals after?

Fraudsters want your personal information and they use it to commit identity theft and financial fraud.  Criminals can achieve financial gains from more than just direct access to your bank accounts.  Disclosure of your personal information, such as your social insurance number (or U.S. social security number) or driver’s license number, can allow a fraudster to assume your identity and use that for their financial advantage by taking out a loan or mortgage or buying expensive items in your name.

It’s a lucrative enterprise, one that is organized and inventive.

What are the threats today?

How do these criminals get at your information? There are many deceptive tactics that they try.  The more common ones include:

  • Trying to trick you into downloading software that can monitor what you do and where you go online.  This software can also steal your log-in user names, passwords and personal and financial information.
  • Sending e-mails and using Internet pop-ups that seem legitimate, but take you to a phony website to try to get you to reveal your personal information.
  • Contacting you by phone or leaving voice messages directing you to contact a phony call centre that attempts to trick you into divulging personal information.
  • Reaching a large number of people by directing scams at users of popular websites.  The scams are often designed to fit in with the theme of the website: like targeting popular social networking sites where friends and family share information.  

What do these scams look like and how do I avoid them?

Scams are becoming more sophisticated, but there are ways to recognize them and to avoid the traps.

Criminals may send e-mail or text messages posing as an organization or individual that you recognize.  The messages are often designed to provoke an emotional response, inciting anxiety, anger, shame or sympathy.  They are meant to draw your attention and respond to the criminal’s call to action, such as providing personal information or clicking on an attachment or Internet link that actually conceals malicious software.  

In one common scam, you will get a message through a social networking site claiming to be from a friend or family member stranded in another country.  The convincing message will ask you to wire money so they can get home.  The problem is, your “friend” likely isn’t even travelling and the message is from a criminal.  Always try to contact the friend or family member through alternate channels before agreeing to this type of request.

You should also be wary of e-mail, text messages or phone calls claiming to be from your financial institution or other legitimate organization asking you to provide your passwords, financial or other personal information.  Your bank will never send you an e-mail or text message asking you to provide this information.  Even though your bank may call you if they suspect fraudulent activity on your bank account or credit card, they will never ask you to provide your passwords or account numbers verbally or via the telephone keypad.  

Should you receive fraudulent requests like these, do not respond, but check your bank’s website for contact information on how to report these types of scams to them.

For more information on recognizing these scams, visit our sections on e-mail scams (phishing) and phone scams (vishing).

Surf with care

Your online browsing habits may unknowingly put you in danger of downloading malicious code or viruses to your computer or making your personal information available to strangers.  There are a number of simple actions and best practices you can take to counter the threats posed by online fraudsters and reduce the likelihood that your personal and financial information will be exposed to strangers:

  • Protect your home computer – make sure that you install anti-virus, anti-spyware and Internet firewall tools purchased from trusted retailers or suppliers.  Keep these programs enabled and continuously updated to protect your computer against malicious software.
  • Protect your passwords – ensure that you create strong and unique passwords for each Internet log-in identity.  Pet names, birthdates and simple number combinations (e.g., 1234) are examples of predictable passwords that can be easily ‘cracked’ by criminals.  Avoid using the same log-in passwords for multiple websites, especially when it accesses websites with sensitive personal or financial information.
  • Read privacy policies – before you provide personal information to any website, read the site’s privacy policies and understand how information you provide may be used and how long it will be retained.
  • Be wary of downloading free files, programs, software or screensavers – malicious code, like spyware (that secretly monitors what you do online) and keystroke loggers (that secretly track what you are typing) can be hidden within the downloaded file and used to access personal information, such as passwords and financial information.
  • Use caution when dealing with unsolicited or provocative messages (e-mail, Internet pop-ups or phone messages) – understand that fraudulent messages are widespread and can target anyone.  Your vigilance is critically important for your safety.  If you feel provoked or have any reason to question the legitimacy of a message you’ve received, verify its authenticity through trusted channels – do not respond using information or links provided in the original message.

    For example, online criminals may use alarming messages to convince you to divulge personal information or unknowingly download malicious software.  The following images show how online criminals try to alarm you by claiming your computer has been infected with malware.  The onscreen image is designed to appear as though it is a legitimate warning message from your computer.  The message instructs you to purchase security software or download an anti-virus tool.  Either option can expose your computer to malware and provide unauthorized access to personal information.

    Familiarize yourself with your computer’s legitimate warning or security alert messages.  Do not click anywhere on the screen (including the "Cancel" button in the on-screen dialogue box) if you receive an unfamiliar or suspicious warning message. Instead, use Alt+F4 or Ctrl+Alt+Delete and launch Task Manager to close the window.  Alternatively, restart the system and manually scan for malware with your own anti-virus product.

Surf with care

  • Ensure that you are in a secure environment when doing financial transactions online –  look for the closed-lock or unbroken-key icons on your browser when entering credit card or other sensitive data. If you don’t see these icons, or if you see the broken key or the open padlock, your transaction is not being securely transmitted across the Internet and the website may be a fraudulent one.
  • Protect your Internet connection – this is especially important if you are directly connected to the Internet for an extended period of time through a cable modem or digital subscriber line (DSL). Disconnect from the Internet when you’re finished.
  • Verify your Internet connection – double-click on the closed-lock or unbroken key icon and read the certificate details to ensure it is registered to your financial institution.
  • Clear your cache – when you visit different websites, the website addresses are stored in the cache, or memory, of your computer.  Make sure you clear the cache of your browser after visiting secure sites so that nobody else can view any confidential information you may have transmitted.
  • Check your financial and credit card statements regularly – immediately contact your financial institution or creditor if you suspect any unusual or unauthorized activity in your account.  Securely dispose of printed statements and any other documents that contain personal information (names, addresses, birthdates, account numbers, transaction histories, Social Insurance and US Social Security numbers, etc.) using a paper shredder.

To test your knowledge of online threats and best-practices for protecting your personal information, please take the Cyber Security Quiz.

File sharing networks

File sharing networks, often called “peer-to-peer” (P2P), are popular because they allow users to upload and download music, movies, games, documents and other computer programs across global networks.  P2P file sharing software products are freely available on the Internet.

However, using these networks is considered a high-risk activity.  We strongly recommend that you do not install P2P file sharing software or use P2P websites.  If you do choose to participate, extreme caution must be exercised.  Here are precautions and tips to keep in mind:

  • Beyond the legal issues relating to copyright infringements, file sharing on peer-to-peer sites is commonly used by criminals to distribute objectionable or illegal files and viruses that are disguised to look like innocent downloads of popular songs, movies, etc.  Relying on a recent version of an anti-virus program alone may not be sufficient protection.
  • If you use peer-to-peer sites, make sure that you use the most current versions of anti-virus and firewall software programs that are licenced with the manufacturer.  The threat of contracting viruses and downloading malicious software is very high when P2P software is downloaded, so you need to scan for viruses frequently.
  • Do not accept a P2P program’s default settings.  Doing so will leave you vulnerable to unwelcomed access to your personal information, since default settings typically grant other users broad access to personal folders.  That includes access to your entire MyDocuments folder on your home computer.  Any personal information contained within your folders – from financial or banking information, to documents containing social insurance numbers or birth dates – can be captured and used for the purposes of identity theft or financial fraud.
  • Always manually determine which folders and subfolders you will share with your network.

Social networking sites

Popular websites and forums, like social networking sites, are fertile ground for criminals.  Social networking sites promote open communication and allow you to build virtual communities of friends around the world.  When you are on a site that encourages the posting and sharing of information, it can be easy to let down your guard and respond to a message requesting personal information.  Here are some helpful hints:

  • Be careful of what you include in your profile details.  Never include phone numbers, addresses, your birth date or other personal information, as that could be used to steal your identity.  Never include or post any banking information: not even the name of your bank.  
  • Exercise caution when adding “friends” to your network.  You may not know who is behind some online account: a new “friend” could be a criminal who is out to trick you into divulging your personal or financial information.
  • Check the privacy and security settings of the social networking site.  Don’t just accept default settings, which generally allow more access than people want or realize.  That access could include a very wide audience, where something that you post to a discussion forum could end up accessible to everyone who uses a common online search engine such as Google.
  • Read the privacy policy for the site carefully.  Ensure there are no clauses that give the social network the right to use information posted on the site, which could mean selling e-mail addresses or contact information.

External links

 

Back to top
Consumer Information:
In this section:
About the CBA

Learn more about who we are and what we do.

Banks in Canada

Meet the banks that contribute to communities across Canada.

Consumer Information

Explore a wide range of issues that affect all Canadians.

Research and Advocacy

Learn how the CBA contributes to public policies that affect our industry.

Media Room

Get the latest news and insights about banking in Canada.

© 2010 Canadian Bankers Association