As criminals use emails and texts to phish for people’s personal information in hopes of robbing bank accounts, it’s becoming increasingly difficult for the average customer to know what is legitimate communication from their bank and what is not.
“They [scammers] are much better at targeting their audiences now and doing a lot better job of making it look realistic and it becomes very confusing for people,” said Sgt. Royce MacRae with the RCMP’s Tech Crime Unit in Nova Scotia.
Brenda and Fernando Afonso learned the hard way how sophisticated these scammers are.
The couple had been using Scotiabank’s InfoAlerts service, which sends a text or email to an account holder every time their debit or credit card is used. It’s a way to make sure all transactions are legitimate and keep track of any unauthorized use.
“We were out one day and my husband got a text message saying his bank card had been used and he hadn’t used it so he became concerned,” Brenda Afonso told CBC News.
“He logged in to check his account and when he did he was actually logging into a bogus account and they got all of his information.”
The fraudsters used the information they had obtained to clean out the $ 3,000 in the Afonsos’ bank account.
“Who would log into something like that if they knew?” Brenda Afonso asked.
“No person would do that. We did it because we thought it was this bank app that we had been using all along.”
Scotiabank spokesman Rick Roth acknowledges phishing is an ongoing problem.
Scotiabank has a highlighted message on the login page of its online banking website stating:
“Scotiabank does not send text messages or emails that ask you for your password for online and mobile banking, Personal Identification Number (PIN) for either your ScotiaCard or credit cards, account numbers for any type of account, answers to your security questions, or access code for adding payees.”
“Fortunately in this case, with Scotiabank, it was a legitimate email from their partner. But if consumers get into that habit of clicking on every mail that looks legit, at some point they’re going to get bitten.”
Scotiabank sent our inquiry about what McHugh called a “double standard” to SCENE, which defended its email.
Spokesman Matthew Seagrim said the link to update passwords was included “as a convenience for members,” adding response to the email has been encouraging with people commenting they were pleased with the suggested password change.
He points out while SCENE was created jointly by Scotiabank and Cineplex, it operates as a separate organization.
Marketing professor Ed McHugh has a message for the banks.
“Be clear. If you say you’ll only send info through your website, don’t send it via other means.”
And Brenda Afonso has a message for consumers too.