The email certainly looked official. There was my bank’s logo in deep blue and bright orange. And there was the message to me, formally presented as financial advice , with a link encouraging me to log in so that I could receive a statement. So I clicked on the link, and while I didn’t receive a statement at that point, I assumed that something of the sort would be forthcoming. I moved on. Other business needed my attention, and I gave the email no further thought.
Four weeks later, I received some emergency financial help from my bank. Money I had placed in a Guaranteed Investment Certificate (GIC) had gone missing. It was a sizeable GIC, four years in the making, and when I got the bad news I felt like I had been pushed out of a plane at several thousand meters without a parachute. You probably know the feeling. It’s similar to the panic that comes with losing a wallet containing all your identification and credit cards, or the horror that accompanies a lost computer containing gigabytes of vital, irreplaceable data.
All thanks to one simple click, I had become the victim of what is termed “phishing” – one of the most widespread and nefarious of email scams.
Somewhere out there in the vast universe of cyberspace, a thieving phisherman had managed to get up to all kinds of digital mischief thanks to my having fallen into his clever net. First, he was able to obtain my bank password information. Then he used my email in place of his email as he relabeled and circuitously re-routed my GIC funds, first transferring them to a savings account in my name, then transferring those funds out to an account at his bank.
Fortunately, cyber-security systems raised red flags at my bank, and the crime was exposed, but not without considerable anxiety and work sorting matters out on my end. Not to mention, the experience lingers with me.
My virtual space has been violated, and my comfort level with online banking is greatly diminished. Not that I intend to do away with online banking, mind you. In this day and age, I really can’t see myself towing nothing but cash around all the time, or running to the post office every time I wish to pay a bill. Like everyone, I’m spoiled by the convenience our digital age offers. But I am very wary.
I check my online accounts daily now. Above all, my antenna are up whenever I receive any email message that even remotely bears on matters of finance, personal business, or the sharing of information. If there is ever again an official call to action to click on a link, my intention is to ignore it and follow up thoroughly through trustworthy channels.
You, dear reader, should raise your antenna, too. Indeed, my first-hand experience with cyber crime only brings home the point that there’s more to financial literacy online than just understanding the bank's website. Keeping your finances safe and secure online also is vital to smart personal money management and while financial help is available from your bank there is some responsibility to protect yourself as well. .
The Government of Canada’s Anti-Fraud Centre (CAFC) notes that cyber crime is growing. In particular, the kind of phishing email I fell prey to is fast on the rise, and growing in sophistication through the very official ways in which such emails are being presented. For instance, something called “brand spoofing” - where a major financial institution’s logo and style of communication are convincingly replicated - can quickly snare people (as it did me). In 2012, CAFC saw a 28% increase in phishing reports from 2011.
There are ways to protect yourself. I strongly urge everyone to educate themselves about email fraud and online security. Canada’s major financial players offer advice and guidance in this regard. To see what a number of banks are doing to protect you from e-mail fraud, visit the Canadian Banking Association.
Please, stay alert to phishing - hook, line, and sinker.