Fraudsters will try to make you act impulsively, usually by indicating a sense of urgency. Taking the time to do your research can protect you from being a victim of fraud.

Educate yourself

Fraud is becoming more sophisticated. The best way to ensure you're protected against fraud is to be aware of the fraud schemes out there and what controls you need to put in place to protect your business.

Ask questions

Before you click on an email from an unknown recipient, take the time to ask yourself these questions to identify fraud red flags:

• Does this email make sense? 
• Was I expecting the email or attachments?
• Should I be receiving this email?
• Does this email seem overly urgent or does it play on my emotions?
• How can I verify the contents of this email?
• Does it have spelling mistakes, grammatical errors and a generic greeting?
• Does the offer seem too good to be true?

And remember, your information is at risk no matter how you’re accessing the fraudulent communication. Be just as aware when checking your email on your phone as you would be on your desktop.

Go with your gut

If something seems off—the tone, frequency of communication, pay attention to who’s communicating with you, the request—verify the contents of the email. Reach out to the personal or organization directly by using contact details either from your internal records or the direct website instead of those in the questionable email.

Phishing is a fraudulent attempt to obtain confidential information, such as usernames, passwords, one time passwords (OTP) for two-factor authentication (2FA), and banking details by disguising oneself as a trustworthy entity in a communication (email, phone, instant messaging, etc.). Established institutions like ATB will never ask for any of your credentials, including two-factor authentication.

Tips for identifying a phishing email:

• Pay attention to who's is communicating with you
• Look out for a sense of urgency or use of fear tactics
• May imitate a known brand (e.g. Netflix, Amazon, Apple)
• The email may be impersonal or the tone formal
• May contain punctuation and grammar errors—but be aware, it may not!

You can take steps to strengthen your password and prevent hackers from accessing your password-protected information.

Strong passwords are key

Always use a strong password or passphrase—avoid choosing a password that would be easy to guess, or information that could easily be obtained by others (like your name, your partner’s name or your pet’s name). Studies have shown that even complex passwords that are five characters or less can be instantly cracked. The strongest passwords include a combination of numbers, upper and lowercase letters, symbols and more than 10 total characters.

Four simple tips for keeping your passwords secure:

• Use unique passwords for everything
• Only log in from trusted sources
• Set up two-factor authentication (2FA) to add an extra layer of security to your account
• Most importantly, never share your password or two-factor authentication one-time passcodes

The five most common passwords are:

• 123456
• password
• 12345678
• qwerty
• 12345

If you’re using one of these, it’s time to make the switch to a more complicated password. Here’s how you can make the switch:

• Choose a phrase
  Absence Makes The Heart Grow Fonder
  
  
• Take the first letters of the words in the phrase
  amthgf
  
  
• Add uppercase letters
  AmThgf
  
  
• Expand, substitute, add numbers and special characters. Ensure your password is at least eight characters in length.
  AmTh3+Gf!

It can feel overwhelming to create unique, complex passwords for all of your accounts. You can look into a reputable password manager to create unique and complex passwords and manage all of your credentials.

Criminals may steal, fake, alter, or forge a cheque to steal funds. While Payments Canada may have regulations in place for the return of forged cheques, it is often within 24 hours of the cheque being withdrawn from your account.

Tips to protect yourself:

1. Consider using an electronic method of payment (email transfer, wires, pre-authorized payments) instead. Digital methods are more inherently secure than paper cheques, when used properly.
2. Reconcile your accounts regularly - we recommend daily. This will allow you to identify and report any discrepancies immediately.
3. Avoid mailing cheques. Mail theft is often the root cause of fraudulent cheques.
4. Practice safe cheque storage—locked and out of sight!
5. Never sign cheques in advance without completing all areas of the cheque first.
   

Used properly, e-transfers can be an incredibly safe and efficient way of doing business. But if the proper safeguards aren’t used, e-transfers can be a target for theft and fraud, as they’re an immediate payment method.

Here are some tips to protect yourself:

• Only send and accept e-transfers from someone you know and are expecting to receive funds from.
• Sign up for Autodeposit. When anyone sends you an e-transfer, the funds will be automatically sent to your account, no questions asked.
• If the recipient doesn’t have Autodeposit set up, use a unique and hard to guess password for each e-transfer. You could choose to generate a random password using a password manager or other related too.
• Don’t share your password. If you need to tell the recipient the password, use a seperate method (e.g. text or phone call), or use a password they will know.

Wire fraud involves a victim sending funds via wire to a fraud actor requesting a wire payment. These fraud schemes are often initiated by email. This could happen when an entire email communication is fraudulent or a single fraudulent email is interjected in a legitimate conversation—in both cases, this is called “Business Email Compromises”.

The fraudulent email usually includes instructions to send funds to a new account or wire recipient. Wires are immediate and international, and it’s very difficult to get any of the stolen funds back.

Our tips to protect yourself from wire fraud:

• Verify that the email addresses you’ve received any payment instructions from, especially if the email is informing you of a change to instructions or bank account.
• Reach out directly to the organization/person requesting the funds to verify the request using the contact information from your own personal records or a legitimate website. Never click on any links in the email itself or use any of the contact information provided.
• Use two factor authentication.
• Slow Down! Red flags may be present. Ask questions and verify!