Skip to main content

    How to protect yourself from online scammers.

    Cybercriminals are busy creating and looking for opportunities to steal from us, scam us, or swipe our personal information. And they’re getting smarter and more devious all the time. 

    Fortify your password protection

    Your passwords are your keys to your castle, so to speak. Lapses in password hygiene – like recycling passwords or using a super simple password for that one site – can have serious consequences. One data breach can send your personal info zinging across the dark web and sold within minutes.

    • Make passwords strong. It takes a hacker about two seconds to crack an 11-character password that uses only numbers. Throw in some upper- and lower-case letters, and it will take a hacker one minute to hack into a seven-character password. A general rule is that your password should be at least 11 characters and use numbers and upper and lowercase letters. That combination will take hackers 41 years to crack.

    • Don’t reuse passwords on multiple sites and apps. If you find it too difficult to remember multiple complex passwords, use a password manager application.

    • Use multi-factor authentication (MFA) for added security wherever possible. MFA is an extra layer of security used to protect your online accounts. MFA is when you use two or more authentication factors to verify your identity, like a one-time code texted to your phone or biometric data like a thumbprint or facial recognition. Make sure you enable MFA when it’s available to you. SCCU requires 2-step verification to be enabled for all members. 

    Stay safe from scammers

    Criminals use the combination of technology and social engineering to trick you into divulging personal information they can use to commit fraud. Online scams have evolved to become more sophisticated and harder to spot.

    • Be wary of threatening or urgent messages that demand you act right now or face consequences. It’s easy for criminals to disguise an email address, display name, phone number, text message, or website URL to convince you you’re interacting with a known, trusted source. It could look like an email or text from an organization you do business with – like Amazon or PayPal – asking you to verify a transaction or telling you your account is compromised. The message will have a link to click on or a phone number to call. Don’t do it. If you want to make everything is okay with your account for peace of mind, contact the company through verified channels.

    • Question any unexpected communication. Criminals are personalizing and targeting messages with enough detail to make them seem legit. For example, an email from Canada Post with a delivery notice to an address a few numbers off from your address. Stop and think about what kind of communication you get from what source. Also be cautious of texts or emails that seem too good to be true, like a text from the Canada Revenue Agency letting you know about a surprise tax refund asking you to click on this link to verify your banking information so they can deposit it in your account (hint – the CRA doesn’t text tax returns). Don’t click on that link!

    • Don’t send money, gift cards, bitcoin or anything else of value to someone you've never met in person. Criminals are stealing millions of dollars a year from Canadians through what is commonly referred to as the “gift card scam.” Scammers typically contact potential victims by email or by phone, pretending to be an employer, government agency, law enforcement, lottery company, or financial institution. There are many different variations of the scam, but it involves asking the target to buy gift cards to help a co-worker in need, pay off a made-up debt or help catch a criminal by purchasing gift cards and providing the gift card info over the phone or by email. Criminals can be very persuasive and manipulative – hundreds of people fall victim to this scam every month. Resist the pressure to act quickly and remember gift cards are a favourite currency of cyber criminals.

    Make digital safety a priority

    Make time in your schedule to take steps to keep yourself safe, whether it’s updating passwords, enabling MFA, or ensuring the software on your devices is up to date. Our digital connectedness is getting more complex, and so are cyber threats. Stay on top of your digital safety and protect yourself.


    We are always here to help


    These articles are made available to you as tools for independent use and are not intended to provide investment advice. We cannot and do not guarantee their applicability or accuracy. All examples are hypothetical and are for illustrative purposes only. Please visit your branch to seek personalized advice from qualified professionals for all personal finance issues.