Hackers are coming up with even more devious ways to steal our private information while individuals and corporations take ever-increasing precautions to thwart fraud. Tammy McKinnon, Senior Vice-President, Head of Financial Crimes and Fraud Management Group, TD Bank Group, joins Kim Parlee to discuss the latest scams and how to keep yourself safe online.
- Have you ever been the unfortunate recipient of an aggressive email or a call from the Canada Revenue Agency demanding money? And then it clicked-- you're being scammed. March is Fraud Prevention Month, and scams and cyber crimes remain big problems for individuals and for the biggest corporations.
I talked recently to Tammy McKinnon. She's Senior Vice President of Financial Crimes and Fraud Management at TD Bank, and I asked her, with all the security precautions we take for fraud, hacking, and larger data breaches, is it still happening?
- We still aren't being secure enough with our passwords, having strong enough passwords, having different passwords across accounts, and not changing them often enough. These are all challenges, and fraudsters will use this information. Should there be a breach of any kind and they access information, they'll use it to try to log into your banking account.
- I think the thing that's interesting as well is that if you-- and this is I think what you're getting to, the fact of having many passwords. And if you one password for one thing, and it's the same for everything, once they get one they've got it all.
- That's right.
- We're also encouraging customers to leverage two-factor authentication. And two-factor authentication is just an additional layer of protection where a bank, let's say, has your phone number, and they'll email or text you the phone number in order for you to validate your identity. And not only does this help confirm your identity, but it also alerts you when a fraudster is trying to access your account.
- Oh, I see. So if they try and can't do it, then you're going to find out about?
- Yes, that's right.
- OK. All right. There are all sorts of interesting new ways-- I know the fraudsters are trying to do what they do. What are the latest ways that you've heard about?
- Well, phishing is becoming more difficult to detect.
- And what is that?
- Phishing, recall, is when a fraudster mimics an email from a financial institution or Canada Revenue Agency, and they're looking to gain information that is personal and private to an individual. And they'll then use that information to, again, try and access your accounts. So it's hard to tell what's real and what's not real.
We would encourage customers never to share their personal account information. A bank is not going to call or email you and ask you for that type of sensitive information. So keep that to yourself.
- OK. Another one I know that-- because you've sent me your list-- the romantic scam. What is the romantic scam?
- Romance scam. So individuals looking for companionship online may meet somebody, and within a very short period of time, they're being asked to provide a sum of money, say $5,000. And it's typically for an emergency-- create some urgency. And those are good indications that it is fraud.
- Household devices-- this I'm assuming just all our stuff in our house talks to us and listens to us now.
- That's right. So on the home front, beware of computers and phones and thermostats, and anything that's connected to the internet of things. Those devices all require strong passwords, just as we've spoken today.
- Yeah, again, not the same password for everything.
- That's right.
- One you have here that I've heard about, and this kind of blows me away, is when someone comes in and hacks something in your house, probably more likely a laptop or a phone, and they hold it for ransom.
- Yes. So we are seeing extortion measures where a fraudster may be sending an individual an email. A customer clicks on the link. It infects their computer with malware. And they're actually having to pay in order to get access to their own device back.
- Who do you find, in what you've done, are the most vulnerable to these types of scams? I mean, we all are. No one wants to admit it, but I mean, the first time, you're like, oh. You click on something, you're like, oh, I shouldn't have done that. But generally speaking, are there some demographics that are more vulnerable than others?
- Yeah, there are. I'd say elderly and millennials in particular. So if there's anyone in your household, or friends or loved ones, open up a dialogue and ensure that they know that they can talk about it, and give them tips and tricks on best practices. Because although fraudsters are more sophisticated, they can trick even the best of us. I do think that elderly and millennials who are just more apt to provide access to their personal information, they do need an additional level of protection.
- It's so funny when you say millennials or anybody younger too, because we tend to think of them as being so digitally savvy. I mean, what is it? Is it that they're too trusting? They're certainly very literate.
- Absolutely. I think some of it just comes down to they've grown up clicking the accept box and giving away information without really understanding the consequence.
- Let me-- speaking about millennial consequences, let's talk a bit more about that romance scam. It happens. And when this happens, I mean, you might have somebody who's in a-- they're vulnerable, they're lonely, maybe they've had an interaction that they don't really want to share with the world online. But when they're asked for something or extorted in some way, what do they do? What can someone actually do about it?
- Yeah. As hard as it may be, we encourage people to go to the police. It can be very embarrassing, but fraudsters are relentless, and they are going to keep coming back for more money. So until you involve law enforcement, there's just more loss that could take place.
- Yeah. And I think-- and it's funny, too, because in that kind of situation people are so embarrassed and they're so ashamed, but fraudsters hope that. That's exactly what they want.
- That's right. They'll often tell you to be careful and not tell anybody, and that's exactly why they don't want you to tell someone.
- Yeah, red flag number two. At that point, it's probably too late though. So all of this, how do we prevent it from happening?
- Certainly the strong passwords is an important element, using the two-factor authentication if you have a mobile device and you're able to receive the one-time passcode that validates who you are. Whether it's checking statements, which is something that many of us have done for many years, or using a mobile app and using an application, be vigilant about checking for unusual activity on your account.
- So Tammy, you of course are the one who is in charge of trying to help protect people from some of the fraud that's going on out there. As the head of financial crimes and fraud management, tell us a few things that you've been working on.
- Sure. So at TD, we're monitoring our customers' accounts around the clock looking for unusual transactions with the goal that we would stop it before a customer would ever even know about it. We also put leading edge tools into our customer's hands, whether it's MySpend or other fraud alerts, so that our customers can help us prevent fraud happening on their account.
TD is also a founding member and the first bank to join the Canadian Institute of Cybersecurity at the University of New Brunswick. As well, we've opened an office for cybersecurity in Tel Aviv, Israel. And these initiatives together will help us stay at the forefront of cybersecurity research and protect our customers as best we can.
- Yeah. And you really need to, given everything that's going on. Tammy, thanks so much for coming in.
- Thank you, Kim.