5 Expert Tips to Protect Yourself from Financial Fraud when the Banks Won't

Bank fraud is a significant concern in Canada, according to the Canadian Anti-Fraud Centre. Every week, Go Public hears from people whose accounts have been emptied by fraudsters using everything from phishing emails and fake banking apps to phone spoofing, hacked passwords and unauthorized e-transfers. All too often, investigations by financial institutions end not with accountability, but with banks blaming the very customers who trusted them with protecting their money.

"It's very disappointing," said Claudiu Popa, a cybersecurity expert who's spent decades investigating cybercrime and educating the public. "Banks appear to be protecting themselves and their own reputations, rather than trying to remedy a situation."

Tip 1: Change Your Password Regularly

The first tip is the most basic: change your password regularly — every three months is recommended — and make it unique. According to password manager NordPass, the most common password used in Canada and dozens of other countries in 2025 is "123456." The second most common password? "123456789."

Popa says we should stop thinking of passwords as short codes, and instead think of them as memorable passphrases. "Choose your favourite line from a movie or poem or whatever, and sprinkle in some personal punctuation," he suggested. Something like, H@staLaV1staBaby! Make sure it's 15-20 characters, and never reuse passwords across different websites.

Tip 2: Enable Two-Factor Authentication

He also recommends using a password manager to store passphrases, so you can just copy and paste them, instead of typing them out. "Viruses latch onto the keyboard and track the keys you're typing, which it can't do if you're pasting it directly."

"It needs to be a separate platform, so that's why you should always try to have a different device that you're getting your second factor on," said Popa. He advises against using SMS text messages for 2FA when possible. Instead, opt for a secure authentication app like Google Authenticator or Microsoft Authenticator.

Tip 3: Be Aware of Social Engineering Scams

Bank fraud doesn't always involve hacking. Scammers often trick people into handing over information themselves. Popa says social engineering scams, phishing emails and phone scams are becoming increasingly sophisticated. One common tactic people have written to Go Public about is call spoofing.

Fraudsters make it appear as though they're calling from your bank, then ask you to confirm details like your login credentials or account number to "prevent fraud." They might also ask you to share a "one-time passcode" sent to your phone.

Tip 4: Avoid Public Wi-Fi for Banking

"Many of these scammers intentionally make these calls at dinnertime because you're busy doing something else, because your bank branch might be closed, because it happens to be a weekend," said Popa. "They know exactly how to play with your emotions and your instincts."

Never share your passwords, PIN, one-time passcodes, or banking information with anyone who contacts you unexpectedly, either by phone, text or email. Popa advises calling your bank directly using the number on their official website or your bank card.

Tip 5: Be Cautious with Banking Apps

Instead of relying on Wi-Fi, use your cellphone data plan, which is more secure, or connect through a trusted VPN (Virtual Private Network), which encrypts and protects your information.

"Many apps can run spyware or malware without your knowledge," Popa said. "They can take screenshots, track your activity or steal your credentials."

Popa's advice if you do use mobile banking: only download apps from the Apple App Store or Google Play Store. "Those are the only app stores that should ever be trusted with any apps at all," he said.