Financial Literacy: Cybersecurity

Financial Literacy: Cybersecurity

How to thwart cyber-thieves, fraudsters, and scammers


As you’re browsing away looking for deals during the holiday shopping frenzy, it’s tempting to click on links to irresistible deals or awesome offers because, you know, FOMO (Fear Of Missing Out). But at this time of the year, be extra cautious of emails, text messages, and websites that you land on. The bad guys never sleep. And they’re always inventing new ways to try to rip you off. Plus, they just love this time of year when people get click-happy. To help you thwart the thieves and fraudsters, here’s a look at the most common types of cyber scams and what you can do to avoid become a victim.

The most prevalent type of fraud attempt these days doesn’t actually involve exploiting vulnerabilities in software or hardware. Most online scams and schemes are now classified as “social engineering,” that is, attempts to trick you into opening your computer systems to the bad guys rather than trying to exploit a weakness in hardware or software. Most of these attempts at deceit fall into three broad categories:

Phishing: Fraudsters will send you an email that looks like one from a legitimate retail or financial institution, like your bank, investment advisor, or online retailer. They’ll use some sort of pretext involving an account, accusing you of being “overdrawn” or “in arrears,” or perhaps telling you that there’s a credit balance on your account that you must claim in the next 24 hours. The message will often threaten to close down your account unless you click on a link to provide sensitive personal information such as your name, password, account numbers, Social Insurance Number, and so on). But do not do this! Once you click on a link or provide this information, they’ve pretty much got an open window on your computer and your financial life.

This sort of email is a dead giveaway that you’re dealing with a phishing scam because the government, banks, big retailers, insurance companies, credit card companies, mutual fund companies, investment advisors, and so on, never ask for this information by email or text message. Never click on a link in a strange email that you aren’t expecting or from a source you don’t know personally. Always double check by phone or by logging into your account through your browser (never through an email or text link!). And if in doubt, throw it out.

Malware: This is a type of malicious software that invades your computer system if you ever do click on a link in a sketchy email. Once your system is infected (and you’ll never know it is, unless you have robust, up-to-date virus protection), the malware can capture any keystrokes you may enter when you login to any of your legitimates sites. The bad guys then have your passwords, and from there, the sky’s the limit for them. They’ll be able access your accounts using windows that aren’t visible to you, and empty them out in an instant.

Pharming: This one is particularly prevalent during peak shopping seasons. If you click on a link in a scam email, you may be directed to a fake website that looks like the real thing (this is known as “spoofing”). You may be asked to fill out forms giving various bits of highly sensitive personal information that the bad guys can then use to access your real account information.

When using online financial sites or logging on to a retailer account, always make sure there’s a “padlock” icon in the address bar and that the web address begins with an “https://”– the “s” stands for “secure.” This ensures that you are on a legitimate site and that your connection is secure.

Thwart the cyber-criminals!

While banks, investment companies, and online retailers (at least the large ones) do their utmost to ensure cyber security, you yourself are always the first and best line of defense. Public Safety Canada, the government department responsible for national security, offers a number of common-sense tips to follow to ensure you don’t get scammed by cyberthieves:

* Choose strong passwords for your banking and online investing accounts and keep them private.

* Look for the “padlock” symbol on the website or "https://" at the beginning of the website address.

* Avoid using online auto-fill or auto-remember features for your password and personal information.

* Keep your browser and anti-virus protection up to date.

* Use the firewall feature in your operating system.

* When you’ve completed any financial transaction, close the browser window, delete your browser history (also known as “clearing the cache”), and disconnect from the Internet.

* Never use public Wi-Fi or public computers to make financial transactions.

* When navigating to a website, especially a financial or investment site, enter the address in the browser window yourself – never use a link.

* Call your investment company, bank, retailer, credit card company, or financial advisor directly about suspicious messages threatening to close accounts or asking for personal information – remember, reputable institutions will never do this by email. (Also, do not use any phone numbers supplied in an email to contact the institution – they can direct you to a fraudulent “call centre,” which will then harvest your private information; instead, use numbers supplied on your statements or on the back of your credit card).

This month, be sure to check out our previous articles on Financial Literacy:

* Financial Literacy: Money Mistakes
* Financial Literacy: Budgeting
* Financial Literacy: Debt
* Financial Literacy: Market timing

Robyn Thompson, CFP, CIM, FCSI, is the founder of Castlemark Wealth Management, a boutique financial advisory firm specializing in wealth management for high net worth individuals and families. Contact her directly by phone at 416-828-7159, or by email at for a confidential planning consultation.

Notes and Disclaimer

© 2019 by the Fund Library. All rights reserved. Reproduction in whole or in part by any means without prior written permission is prohibited.

The foregoing is for general information purposes only and is the opinion of the writer. Securities mentioned are illustrative only and carry risk of loss. No guarantee of investment performance is made or implied. It is not intended to provide specific personalized advice including, without limitation, investment, financial, legal, accounting or tax advice. Please contact the author to discuss your particular circumstances.