Important Member Update: For more information on a recent cyber incident that may impact you, please read our bulletin.

Fraud Prevention

Learn how to protect yourself online, avoid scams, and prevent fraud with these tips!

Apple mail warning, Skype scam, ignore free streaming video and more finance scams.

Welcome to Cyber Security Today. It’s Friday April 24th. I’m Howard Solomon, contributing reporter on cybersecurity for

Myth #1

Fraudsters can use a transmitter to steal my financial information from my wallet.

Not true. Interac Flash uses EMV-based secure chip processing, instead of magnetic stripe data processing. This protects Interac Flash against skimming, counterfeiting, and transaction replay types of fraud. The information on an Interac® Debit card cannot be unwrapped or duplicated to produce a counterfeit card or transaction. Basically, the information on your card is useless to a criminal.

Myth #2

I might pay for something by standing too close to a merchant terminal with an Interac Flash-enabled debit card in my wallet.

Not true. To start, your card needs to be less than 4 centimetres away from the terminal and positioned at a particular angle in order to make a purchase.

Myth #3

If my Interac Flash-enabled debit card is lost or stolen, my bank account could be emptied before I even realize it.

Not true. Spending limits require the cardholder to enter their PIN once set limits are reached. Typical limits are $100 for single transactions and $200 cumulative limits. Consumers using Interac Flash are also covered by the Interac Zero Liability Policy*.

* Protection applies to losses resulting from circumstances beyond your control. Some conditions apply. See your financial institution for details. Interac, the Interac logo,Interac Flash and the Interac Own your world design are trade-marks of Interac Corp. The Contactless Indicator mark, consisting of four graduating arcs, is a trademark owned by and used with permission of EMVCo, LLC. For more information on Interac Flash, visit


An Email Account Compromise occurs when someone other than the intended user steals credentials to access an email account; for example: email address and password.  The hacker uses those credentials to sign in as the original user and can access emails, including Interac eTransfer notifications.

Current Trends:

  • There is an increase in email account compromises where Interac e-Transfer email notifications are being accessed by a third party and not the intended recipient or legitimate email account holder.  
  • The third party uses the link provided in the email notification to access the gateway and deposit the funds. 
  • Many of the email account compromises involve telecom domains (,, indicating a potential phishing campaign affecting these domains.

Here is what you can do to protect yourself:

  • Register for Interac e-Transfer Auto-deposit; this eliminates the need for a security question and answer in every transaction and the money goes directly to your account.
  • Always be vigilant when transacting online.
  • Use two-factor authentication for e-mail; most email providers have this feature. 
  • Do not use the same password across various accounts.    
  • Use strong passwords and never share passwords.
  • Do not communicate the answer to the security question in the security question itself or via email.  Call and/or text the recipient with the password.
  • Select a question and answer that is not easy to guess or search on the web or social media; for example: what is the colour of the sky? What is my First/Last name? What is the name of my dog/mom/dad? What city do we live in?
  • Be cautious not to click on any phishing links and ensure that you are only transacting with trusted websites, vendors and people.
  • If you are suspicious of any transaction, immediately notify your financial institution.    

For more information about how you can protect yourself when transacting online visit

By Howard Solomon, Cyber Security Today

There’s a bank scam going around that uses SMS text messaging to get Canadians to give up personal information and their passwords. It starts with a text message that reads something like “Scotiabank Alert: Your card starting with 4536 is disabled for security. Please secure your account below” — and there’s a link that includes the bank’s name for you to click on. Ignore this. Don’t click on the link. First, banks don’t send warning text messages. Second, many Canadian-issued credit card start with the same digits — like “45” plus two more digits — that are set by the global banking industry to show where the card comes from. So these first four numbers aren’t a secret, and they’re not your personal credit or debit card number. And third, the fact that the link doesn’t start with HTTPS is a giveaway. By the way, this type of scam has been seen in the U.S. as well so American listeners should ignore supposed text messages from a bank as well.

Scammers are sneaky and sly. They can target anyone, from youngsters to retirees. They can also target businesses. No one is immune to fraud. Our group of superheroes has found a way to see through the scams. Their secret is simple: knowledge is power!

Topics include:

  • Fraud fighting 101
  • Subscription traps
  • Identity theft
  • CEO scams
  • Health and medical scams
  • Romance scams
  • Business scams
  • Phishing and smishing scams
  • Tax scams
  • Door-to-door scams
  • Emergency scams
  • Purchase of merchandise scams
  • Sale of merchandise scams
  • Red flags: things to watch for
  • Reporting a scam

This website uses cookies to improve your user experience. By continuing to browse the site you are agreeing to our use of cookies.