How to safeguard yourself against cybercrime and electronic fraud

March 21, 2024 | RBC Wealth Management


With cybercrime on the rise in Canada, it's important to know how to protect yourself and your family.

Your package has arrived, click here.

Urgent! Your account needs immediate attention. Please text us your credentials to receive a refund.

Hey, Grandma, it’s me. I need your help!

Cyber fraud has crept into our lives in such a steady way that you probably see these kinds of threats—posed as seemingly harmless (or urgent) messages—regularly.

In a Dec. 2023 survey by consumer credit agency TransUnion, 60 percent of Canadians said they had been targeted with online, email, phone or text fraud in the prior three months, of which 10 percent fell victim.1

Even if you think you can spot the most obvious cons, it’s important to stay vigilant against a rising threat of cybercrime that’s becoming more frequent, harder to detect and more carefully targeted to individual vulnerabilities.

“How to safeguard against cybercrime and fraud is top of mind for all of us. With the rise of artificial intelligence, the prevalence of digital assets like crypto currencies and more sophisticated financial fraud schemes, it’s easy to feel concerned and even a little bit overwhelmed by all these threats,” says Kim Mason, executive vice president and head of RBC Private Banking in Canada.

From phone scams that clone familiar voices to phishing and fake websites, today’s criminals manipulate human behaviour and trick people into divulging confidential and/or financial information.

Here are some ways to help identify common threats, as well as the steps you can take to protect yourself and your family from potential cyber attacks.

The cybercrime economy thrives on stealing personal data

Cybercrime has become highly industrialized in the past decade, with lucrative business models based on stealing and exploiting personal credentials. One industry group predicts the global annual cost of cybercrime to reach US$9 trillion in 2024.2 Viewed as gross domestic product, that would make it the world’s third-largest economy, after China and the U.S.

“Cybercriminals are building out criminal platforms and services, and now franchising out their technology like pizza restaurant franchises,” says Adam Evans, senior vice president and chief information security officer at RBC.

“You now have ransomware-as-a-service, you have access-as-a-service [in which malicious actors sell access into business networks] and you have malware-as-a-service. The groups involved collect massive amounts of data and use these platforms to target individuals, businesses, family trusts—whatever the case may be,” Evans explains.

Key human habits can help fight cyber fraud

Practicing good cyber habits both at home and in your business is essential in order to protect yourself against electronic fraud.

Most ransomware attacks can be prevented through the use of basic cyber security practices, according to the Canadian Centre for Cyber Security.

From how you set and manage passwords to what you share online and which calls to hang up on, these five habits form the basis for protecting your credentials:

1. Use multi-factor authorization to access accounts

“My No. 1 tip to keep safe and secure is enable multi-factor authentication if you haven’t already,” says Kevin Purkiss, vice president of Fraud Management at RBC.

Check settings of online accounts, apps and devices to enable this extra layer of security, which calls for two or more different elements in order to allow access—for example, a password, a code sent to your phone or, best of all, biometrics, such as a fingerprint.

2. Don’t reuse passwords—if you must, use a manager

Cyber professionals always warn that weak or repeat passwords put your credentials at risk—but even the experts experience password fatigue.  To stay on top of multiple passwords, Evans uses a password manager to keep his personal accounts more secure.

“I have more applications and sets of credentials online than I could possibly remember all the passwords for. The password manager will suggest strong passwords and they all stay in a vault. With the click of a button, you can rotate your passwords and lock out any threat actor who may get access to a credential. I find it very helpful,” he explains.

 3. Be cautious of what you and your family share online

Scammers scrape social media looking for potential victims’ personal details; they use that information to trick the victims into engaging with them. This is known as social engineering, and it’s a key tactic used to commit fraud, says Purkiss.

“You are potentially giving away a lot more information than you think, just through social media,” he warns.

“Threat actors may be going to your Facebook account to find out when your birthday is, since everybody wishes you a happy birthday or says how old you are. They may learn where you live, where your vacation properties are; maybe they find out your family connections, your maiden name,” he adds.

To protect yourself from these kinds of threats, set your social media accounts to the private setting, don’t accept friend or follow requests from people you don’t know, avoid posting location details and consider whether the photo or text you’re posting gives away too much private information.

4. Keep your computers, devices and networks up to date

Cyber thieves target devices and networks that aren’t as secure as they could be when connecting online. The most basic defence is to set your laptop, phone, tablet or software to automatically update and receive security patches, suggests Evans.  

“It may feel disruptive, and take a few minutes, but 99 percent of the time [hackers] rely on finding a vulnerability and something unpatched on your device—and that’s how they get in.”

The Canadian Centre for Cyber Security offers detailed tips on securing your devices.

5. Ignore calls, texts and emails that ask for credentials

Cybercriminals may contact you impersonating government employees, bank staff, police or other people you know and ask you to share information (such as PINs and/or passwords) or confirm credentials.

Typically, businesses, services (for example, telecommunications) and government entities will not ask you for confidential information such as credit card numbers or passwords over the phone or via email or text message.

If you do get a call or an automated message from a person claiming to be a representative of a bank, a reputable business or the government, disconnect and call a phone number you have on file, on your credit card or from an official business website to verify whether they did, indeed, contact you.

“The bank impersonation scams are very sophisticated and it’s becoming increasingly difficult for our clients to tell the difference. So if you get called, hang up and call [a verified number],” suggests Purkiss.

Remember, do not click on links sent via text or email if you do not recognize the contact or the contact information looks questionable (e.g., an email address contains random letters and/or numbers or spelling mistakes).


1“Suspected Digital Fraud Originating from Canada Soars in 2023; Canada with Third Highest Increase in Fraud Rates Among 19 Countries Analyzed by TransUnion.” TransUnion Canada, 21 Feb. 2024,

2Morgan, Steve. “Cybercrime to Cost the World $9.5 Trillion USD Annually in 2024.” Cybercrime Magazine, 25 Oct. 2023,

RBC Wealth Management is a business segment of Royal Bank of Canada. Please click the “Legal” link at the bottom of this page for further information on the entities that are member companies of RBC Wealth Management. The content in this publication is provided for general information only and is not intended to provide any advice or endorse/recommend the content contained in the publication.

® / ™ Trademark(s) of Royal Bank of Canada. Used under licence. © Royal Bank of Canada 2024. All rights reserved.