Staying safe in a digital world

Protecting your data and your devices

Whether you use a laptop, carry a tablet, or keep a smartphone in hand at all times, staying connected to the world is a click or swipe away. But there is a darker side to our digital world, where threats to the privacy of your personal information lurk.

Every year in Canada, millions of dollars are lost to online scams and fraud. Cybercriminals move quickly and their techniques evolve with both technology and the public’s ability to sniff them out. What’s more, today’s hackers are focused on stealing your private information, your identity, and your assets and less on creating malignant computer viruses.

People have become more attuned to safeguarding their personal computers from established risks. Many are taking steps to protect themselves by creating difficult passwords and keeping them private, not opening suspicious files, and limiting information shared on social channels. But email and connected home devices – where people are less aware of the dangers – can be an opening for fraud.

Your smart devices can be hacked (including smart homes, TVs, door locks, and baby monitors). And an unauthorized access to an email account can provide to access to all linked devices.

It’s important to highlight the risks of cybercrime in an effort to protect yourself and prevent losses. Here are some of the most dangerous privacy threats to watch out for.

Email phishing

Phishing is when Internet scammers use email lures to “fish” for passwords and financial data from the sea of online users. Phishing attacks use “spoofed” (look-alike) email messages and fraudulent websites designed to trick recipients into divulging personal, business, or other sensitive information such as credit card numbers, account usernames and passwords, or social insurance numbers.

Under the guise of a reputable brand like a financial institution, credit card company, or government agency, thieves will approach you with a bogus appeal to lure you into responding.

This might be a request to update your account, confirm billing information, or enter a contest. That request often includes a time element or a sense of urgency such as a threat to cancel or close your account if you don't respond quickly.

The malicious email will direct you to click on a link connected to a web address that's standing in for a legitimate website. Once there, you'll be asked to provide personal or financial information like credit card details, social insurance numbers, or banking passwords.

Phishing scams often appear to be from companies in the financial and payment services sectors. Be suspicious of such messages and don’t click on links. A legitimate request from one of these companies will typically be made through the company’s app or website. Check with those first and don’t respond to phishing attempts.

SMS phishing

SMiShing, short for "SMS phishing", is similar to phishing but instead of email, it targets your phone. A text message is sent to your mobile device in an attempt to get you to release personal information or click on a fraudulent link. Many people are unaware of this type of scam.

A SMiShing attack usually asks intended victims for an “immediate response”. Many appear to come from banks, financial services, or online merchants and their delivery companies. Be wary and don’t click on links.

BlueShore Financial has implemented a number of safety measures to combat scams including security alerts. For example, you can receive a text that your personal access code (PAC) has been changed or that a new payee for bill payments has been added.

If you have any suspicions or concerns at any time about your accounts, it's best to contact your financial institution directly.

Voice phishing

Vishing or "voice phishing" works phone contact into the act. A visher calls and speaks directly to you or leaves a voice message to try to get you to call them back. Either in person or through an automated system, they then attempt to get you to release personal information.

Some very common tactics in recent years involve masquerading as government agencies. Fraudsters leave phone messages claiming that you are being pursued for back taxes by the CRA (and in some instances, that police are on their way) to instill fear. Others claim to be from the Government of Canada concerning your social insurance number. Like many companies and other institutions, government agencies will not call you asking for personal information, so be cautious and don’t respond.

Angler phishing

Online customer service through social media channels like Facebook and Instagram is  vulnerable to fraud. “Angler phishing” occurs when requests for support or information from a legitimate company are monitored by scammers and then “answered” by the scammer asking for personal information or luring the victim to fraudulent websites.

You can check that their “handle” matches other responses, but remember, a legitimate company will never ask you for personal details on a public network – most ask you to “DM” or “direct message” them to initiate proper channels of communications. If you’re unsure, contact the company directly using a phone number, email, or website you know is accurate.

Spyware and ransomware

Spyware is a type of malicious software or "malware" that, once installed on your computer, allows criminals to monitor your behaviour and gather valuable data. Spyware isn't intended to crash your system or wipe its memory like the computer viruses of the past. Instead, it works quietly in the background tracking your keystrokes, searching your hard drive, and sniffing out your personal details to send to unknown parties.

Ransomware, on the other hand, is software designed to block access to a computer system until a sum of money has been paid. While often targeted to company networks, individual people have also fallen prey.

Fake hotspots

Public Wi-Fi access is convenient, but not necessarily secure. Many people use free or unsecured Wi-Fi networks in airports, coffee shops, and other public places. The perils of open Wi-Fi begin when you log on to a network that appears valid.

That free network may be nothing more than a gateway to track your activities, gather passwords you enter, or view your sensitive information. Criminals will sometimes use a different tactic, setting up copycat hotspots with the same name as a legitimate network hoping to fool you into thinking you're connecting to the real thing.

Smart use of your smartphone

Our world is wireless with technology that brings many things, including banking, into the palm of your hand. But with this flexibility comes the need for vigilance and a clear understanding of where your private information may be vulnerable.

Bluetooth technology provides a way to exchange information between wireless devices such as mobile phones, laptops, computers, printers, and digital cameras across a low-cost, globally available, short-range radio frequency band. It provides nearly ubiquitous connectivity, but it also can open the door to data theft.

When Bluetooth is enabled, it creates an open network to your mobile device. For sensitive information like mobile banking, we recommend you disable Bluetooth until your transactions are complete.

Make sure to use built-in smartphone security features to their best advantage. Password protect your device. Use biometric authentication such as a thumbprint or facial recognition. Ensure you have the auto lock set to the shortest time possible. That way if you lose your phone (or it's stolen), you'll be protected.

Our commitment

BlueShore Financial is committed to safeguarding your privacy and financial information. 

How you can protect yourself

Despite the sophisticated methods fraudsters are devising to invade your privacy and hack your devices, there are steps you can take to protect yourself.

1. Remember the essentials

A few basic steps will go a long way to protecting your personal information.

• Keep the operating systems on your devices current with the latest updates and patches
• Install security software that can detect viruses, spyware and other malware, and provide a firewall to protect your data
• Use email spam filters
• New malware appears constantly so ensure your protective tools are set to update automatically
• Never send out confidential information (account numbers, passwords) via email

2. Understand how reputable businesses act

It's easier to spot a potentially dangerous communication if you know how trustworthy organizations behave. As an example, BlueShore Financial will never send you an unsolicited email asking you for your password, account numbers, confidential information, or prompt you to restore your account access in this manner.

Here are some ways to spot a phishing email:

• Spelling errors or other anomalies in the sender’s email address and the URL (web site address)
• Requests for personal or sensitive information (username, passwords, social insurance numbers, banking information, etc.)
• Pressure for urgent action or response; the fraudsters are appealing to the human inclination to click embedded links or open questionable attachments
• Scare tactics and threats; ironically, a frequent ploy is to claim “your security has been compromised”

Also remember, before entering sensitive data through the website of any company you deal with, make sure you first see the "https:" prefix or a padlock in your browser's address bar. That “s” deems that the site is secure.

3. Verify, verify…and verify

Learning to be a skeptic can keep you safer online. Don't click on a link or call a phone number that comes with an uninvited email, pop-up, or phone message without first verifying it's valid. Avoid opening attachments, links, or installing software from an unknown source.

When you're mobile, know what you're connecting to. Only download apps directly from a service provider's website or an authorized source (e.g. Apple App Store or Google Play). If you must use a public Wi-Fi network, check with a representative of the place you're visiting to make sure it's a genuine connection.

Using the privacy settings on your mobile device, including the password or passphrase feature, will help protect your connection and keep your data secure should your device be lost or stolen.

4. Don't overlook old-school risks

It's no surprise that security in the smartphone age concentrates on digital channels. But that doesn't mean yesterday's threats have disappeared.

Be vigilant to identity theft and breaches of your privacy when you're offline as well.

• Don't write down PINs or keep them in your wallet
• Remember to sign your credit and debit cards as soon as you receive them
• Monitor your accounts and statements for unusual activity and shred confidential documents you no longer need
• Get in the habit of reviewing your credit report at least once a year

5. Use complex passwords and change them regularly

Complex passwords that are changed regularly remains one of the best ways to protect your privacy online.

When creating passwords, longer is better.

• Go with one that's at least eight characters in length
• Use a mix of upper and lower case letters, numbers, and special characters
• Avoid choosing real words, numbers in sequence or personal information that can be easily obtained like your birthdate, names of family members, or phone numbers
• Set a reminder to change your passwords every six months

6. Take steps to protect you home network, connected devices and smartphone

• Use two-factor authentication (2FA) on home computers, email accounts, online subscriptions, and smartphones where both a password and a second authentication step are required
• Install anti-virus software on both your computer and smartphone
• Ensure your home network is password protected by a password that you created, not the default password that comes with your router
• Password protect all your connected devices with different passwords
• Keep your personal computer on one network, and your connected devices on a second network – multiple networks can be set-up with many routers
• Never click on links in emails

Technology will continue to open doors to greater convenience in your financial life and beyond. That technology can be used more safely if you understand the risks and take the right steps to secure your privacy.