The ABCs of staying safe online and preventing fraud

• Did you click on a link or open an attachment in a phishing email?

• Did you share sensitive information during an unsolicited phone call?

• Have you noticed unexpected movements of funds in your bank account?

• File a complaint via the Federal Bureau of Investigation's Internet Crime and Compliance Centre website and via the Federal Trade Commission website, then forward the fraudulent email to the company, bank or organization mentioned in the email.

• If applicable, file an identity theft report with your local police department.

• If you receive a fraudulent email that appears to be from Natbank, forward it to us at this email address.

• If you notice unusual movement of funds in your account, you must report them to us at this email address within 30 days of the account statement that shows the unauthorized transaction.

• You can also call us at 1‑800‑205‑9992.

• For a debit card linked to your account: call us at 1‑800‑205‑9992.

• For credit cards: call Card Assets at 1‑844‑232‑4243.

1. Carry out updates. By regularly updating your operating systems, software and mobile apps, you add an additional level of protection against fraud. We also recommend using up-to-date antivirus software on your computer. 

2. Set strong passwords. An effective password is quite long (the closer it gets to 21 characters, the stronger it is). You should use a different password for each of your online services (email, bank account, social networks, etc.). Use an online password manager to store all your passwords in a secure place. If a website offers multi-factor authentication (MFA), we recommend using it for increased security, especially for sites that store any financial or other sensitive information.

3. Watch out for phishing scams. Phishing is when hackers use fraudulent emails or websites to trick users into disclosing private account or sign-in details. Don't click on links or open any attachments or pop-ups from sources you are not familiar with. If you inadvertently clicked on a link or opened an attachment that contains suspicious content, you should run your anti-virus software and consider restoring your computer from a backup dating prior to the time the link was clicked, or the attachment opened. 

4. Don't disclose your personal information. Hackers may create social media profiles and use them to attempt to guess your password or answer the security questions used in password reset tools. Lock down your privacy settings and avoid sharing information like birthdays, addresses, your mother's maiden name, etc. Be wary of friend requests from people you don't know. 

5. Secure your mobile devices. Use a password to lock your smartphone and other devices. This will make it harder for fraudsters to access your information if your device is lost or stolen. Before you give away, sell or trade a mobile device, make sure you wipe its contents using specialized software or the procedure recommended by the manufacturer. Some software enables you to wipe your device remotely if it is lost or stolen.

6. Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.

7. Shop safely. Before making purchases online, verify that the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https rather than http; this indicates that the website is encrypted. Also, check to see if a locked padlock icon appears on the page.

8. Read the site's privacy policy. Though it may be long and complex, the privacy policy tells you how the site protects the personal information it collects and the rights you have to manage the use of your personal information.  

1. Don't share your secrets. Never disclose your Social Insurance Number (SIN) or account information to anyone who gets in touch with you over the phone or online. Protect your PINs and passwords and don't share them with anyone. Use a combination of letters and numbers for your passwords and change them from time to time. Don't share any sensitive personal information on social media.

2. Be careful with sensitive documents. Shred receipts, bank statements and unused credit card offers before throwing them away. You should also keep an eye on your mailbox: fraudsters may steal letters containing your bank statements, credit card statements or other financial information. Never mail out bill payments from your own mailbox (by putting the flag up).

3. Use online banking to protect yourself. Check your accounts frequently to detect fraudulent transactions. You can sign up to receive text or email alerts when certain types of transactions are charged to your account, such as online purchases, international transactions or transactions totalling more than $500.

4. Monitor your credit report. Check your credit report regularly with credit reporting agencies. You can request a copy of your credit report online, and some options are free.

5. Immediately report suspected fraud to your financial institution.

Cybercriminals are targeting small businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software spread through infected attachments and online social networks to obtain sign-in credentials for business accounts, transfer funds from the accounts and steal private information. This type of fraud is referred to as "corporate account takeover".

You can shield your company from attack through a strong partnership with your financial institution.

You must understand and implement the security measures detailed in your account agreement with your bank. If you don't, you could be held liable for losses resulting from an account takeover.

Here's some advice to help you strengthen the security of your business:  

1. Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee training about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers. 

Don't have an internal training program? Discover the Cybersecurity awareness kit that National Bank of Canada created in partnership with Cybereco^TM to help you train your employees. 

2. Protect your online environment. It is important to protect your online environment just as you would your cash and your premises. Always use internet connections that are secured by a password, at the very least. Encrypt sensitive data and regularly update your antivirus software. It’s also important to use complex passwords and change these passwords periodically.

3. Partner with your financial institution to help prevent unauthorized transactions. Speak to your banker about programs that can help safeguard you from unauthorized transactions. Call backs, device authentication and multi-person approval processes can help protect you from fraud.

4. Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and deactivate any systems that may have been compromised. Keep a record of what happened.