The OTP Scam – A Victim’s Story
This scam typically involves victims being tricked into believing that the bank, government, or another institution is calling them. Victims are asked to provide the one-time passcode that was sent to them, in order to “verify their identity.” In reality, scammers are logging in posing as the victims, which sends a one-time passcode to the victim’s device. Scammers convince victims to give up their one-time passcode and enter it to either log in to the victim’s account, or to transfer funds out. Check out our tipsheet to find more information about how this scam works.
We were joined by Marilyn Crawford who was recently targeted by this scam to share her experience. On January 16, 2023, she received a call from what looked like her bank. Scammers will often use Caller ID “spoofing,” where they can make their caller ID look like any number. Within minutes, an e-transfer of $2800 and 3 $250 gift cards were charged to her account. Our interview recaps how the scam happened and the financial and psychological consequences.
Understanding the OTP Scam: Key Insights
Victims of this scam often have their accounts frozen, must adjust their online banking, and contact their credit bureau. Most banks will do their best to help victims of scams recover lost funds, however, these processes are quite lengthy. The good news is that there are certain security measures that you can take to help avoid being targeted by scammers.
Passwords
Never re-use the same password for more than one account, especially for financial information. If your login information for a different, less secure site was breached, or leaked, scammers may use that information to access your financial accounts.
You can use secure password managers to create, store, and save your passwords to keep track.
Visit our resources on Password Managers to help you pick a secure password manager.
KnowledgeFlow – Safer Password Managers
KnowledgeFlow – How To Pick A Password Manager
One-Time Passcodes
Never share your one-time passcodes with anyone, over the phone or in-person. This is often the last step needed to access your accounts or take money out.
Calling Your Bank
If someone calls claiming to be from your financial institution, it’s always best to hang up and call the phone number on the back of your card. Scammers can make any phone number look as if it’s another. You can never be sure you are talking to your bank unless you call them directly.
Choosing Your Bank
With the increasing number of online scams, it’s important to choose banks that have secure practices. Ensure your financial institution offers multi-factor authentication and that it is enabled for all your accounts. Your bank should also not have character limits when creating your online banking passwords. The more complicated your password is, the more secure it is.
Visit our tip sheet to learn more about the safest online banking practices.
KnowledgeFlow – Online Banking
Reporting Scams
Be sure to report all scams to the Canadian Anti-Fraud Centre. If you think you have been scammed, contact your financial institution immediately. If you are scammed, contact your local police to file a report.
Visit our tip sheet on reporting scams to learn how and where to report fraud.
KnowledgeFlow – What to do After Identity Theft
Remember, don’t be embarrassed if you do become a victim of a scam. Unfortunately, many people are scammed every day. Let’s bring that number down. Ensure you are protecting yourself and your loved ones by sharing this information.