Despite a growing understanding that cyber security is essential in a digital era, some Canadians still need help in getting the message that simple steps can make a big difference in protecting personal information from cyber criminals.

The Canadian Bankers Association (CBA) partnered with Optimity (the new home of the Carrot Rewards app) during Cyber Security Awareness Month in October to conduct a series of online quizzes on cyber hygiene among some of its users. The survey of more than 7,800 Canadians across five demographic groups sought to better understand their knowledge of preventative cyber measures, while also sharing tips and resources to help better protect themselves online. In recognition of Financial Literacy Month in November, the results provide a glimpse into Canadians’ understanding of how to detect and prevent digital fraud, a key part of achieving overall financial well-being.

Difficulty spotting phishing scams

Email phishing scams continue to be the most common form of attack in the cyber threat landscape. Digital fraudsters show no signs of slowing down their phishing activity in 2020 as cyber attacks proliferate amid the widespread shift to work-from-home, and as Canadians spend more time and money online because of the coronavirus pandemic.

  • While the majority (82 per cent) of respondents are confident in their ability to detect a phishing attempt, only 31 per cent were able to correctly identify all the red flags of a phishing scam.
  • More than half (57 per cent) of the survey sample incorrectly thinks phishing emails are easy to spot due to spelling errors, indicating a general lack of understanding of the increasing sophistication of phishing attacks.

According to the Canadian Anti-Fraud Centre, Canadians have lost more than $40 million to online scams so far in 2020 and phishing continues to be used in the majority of cases. Among other fraud prevention resources, the CBA has helpful information for Canadians to help them avoid phishing scams:

“Banks go to great lengths to keep Canadians’ money safe and protect their personal and financial information, but the realities of a connected world mean that cyber threats are not limited to our systems and technology,” says Neil Parmenter, President and CEO of the CBA. “In the digital era, security is a shared responsibility and Canadians have a role to play. To that end, the banking sector is committed to promoting cyber security best practices to help customers better protect themselves and their devices against a rising tide of digital fraud.”

Encouraging news on the need for unique passwords

There is better news when it comes to understanding the importance of using strong, unique passwords to protect internet-enabled devices and sensitive online accounts:

  • 83 per cent of Optimity users say having unique passwords or PINs for each of their accounts and devices is “very important” or “important”, with only 4.5 per cent saying it is not important; and
  • More than 80 per cent of respondents know they should not share their passwords or PINs with anyone, including their spouse or family members.

Despite a growing recognition of the importance of unique passwords, a large number (63 per cent) of respondents could not identify all examples of weak passwords, suggesting a need to learn more about what constitutes a strong password. Another vulnerability is effective password management – more than 80 per cent of users are unable to remember each password, saying this is the biggest barrier to maintaining unique passwords.

Choosing a unique password for sensitive online accounts, such as email and financial accounts, is crucial because a security breach at one site means your password could be handed to criminals who may try to use it at other sites. Here are tips on how to choose a strong password, the first line of cyber defence:

Internet of Things demystified

With the increasing popularity of devices connected to the Internet of Things (IoT) – including televisions, gaming systems, smart thermostats, smart watches, and more – a greater number of Canadians are becoming more attuned to the basic cyber defence practices needed to protect their privacy and security.

  • 83 per cent of respondents say they have four to seven internet-connected devices in their home, and 40 per cent said they have eight or more;
  • 84 per cent of Optimity users say they regularly check for security software updates to their connected devices (42 per cent say “weekly” and 42 per cent say “monthly”); and
  • 90 per cent of users agree that having a strong, unique password for their WiFi connection is important, and that they should keep track of which IoT devices are connected to WiFi.

While these are encouraging results as IoT adoption grows, better knowledge of which every-day objects might be connected to the internet is necessary to improve IoT security. For example, more than 55 per cent of survey respondents did not know that lights could be connected devices. With the worldwide number of IoT-connected devices projected to reach 500 billion by 2030, from roughly 20 billion devices in 2020, Canadians should be educated about the risks and potential security and privacy implications.

The CBA publishes a regular, free fraud prevention email newsletter to help keep Canadians informed of the latest frauds and scams. Register here: Fraud Prevention Newsletter

The Canadian Anti-Fraud Centre handles the reports on fraud and identity theft. If you suspect you may be a target of a phishing scam, or if you have received a phishing attempt, you can report it to the Canadian Anti-Fraud Centre through their Fraud Reporting System, or by calling 1-888-495-8501.