Scam: Latest Bank Phone Trickery

I noted on TV the latest scam the Cybernasties have in their arsenal.

The assumption is that they have already compromised the bank customer’s login or bank card. Usually that is enough to get into the victims accounts, however, now many have 2 factor authentication (2FA). This means the bank website will recognize that the person trying to log in is doing it from an unknown location. This will cause it to enact 2FA.

In most cases, the 2FA will send a code to an assigned phone number. In some cases the cybernasties can clone the victim’s phone, but some have reverted to a more low tech scamming technique. They call the victim, claiming to be the bank. They mention some bogus transaction, and say they need to verify who they are calling.

This is where the 2FA is subverted. They will tell the victim on the phone that the bank will send them a code, and then have the victim read it, out loud. This means the culprits have broken into the bank account, but needed the 2FA code, which the victim has now given to them. The accounts are now compromised.

How to Fight This Scam

First, if someone calls from the Bank, make them identify themselves to your satisfaction. Ask them questions and worse come to worse, tell them you will call them back. Tell them you don’t do business over the phone if they say they don’t do that. You will go into a branch and deal with the problem there.

Change your login password right now. Assume you are already compromised, which is the case. Given the daily identification breaches that are happening, it is a safe assumption. Change your password more than, never, as well.

Add 2 Factor Authorization to your accounts now. Never, give anyone the code sent to you from Two Factor Authentication. The scam folks are out there and they want your money (or loyalty points).

Advice for if You Are Targeted

1. TD Canada Trust

“Spot Scam Calls: 8 Things Banks Would Never Ask” – TD clearly states they will never call and ask you to verify your identity through personal data or a one-time code:

“Banks will never call you to ask for personal information…
…disclaimer at the end of our 2FA codes that stated ‘this code gives access to your account. Do not provide this code to anyone over the phone’.” td.com+15td.com+15meridiancu.ca+15 advisors.td.com reddit.com

2. Meridian Credit Union

Meridian debunks the myth that banks might ask for OTPs:

“Can my bank ask for my OTP?
No. Meridian will never ask for your OTP or login information over the phone, by text, or email.” nbc.ca+2meridiancu.ca+2td.com+2

They also advise: “Do not share the code with anyone. It likely means someone is trying to access your account.” thesun.co.uk+4meridiancu.ca+4nbc.ca+4

3. National Bank of Canada

National Bank’s security guidance is clear:

“National Bank will never ask you for your password, unique verification code, or SecurID token code, whether by text message, email, or telephone. If someone asks you for this information, it is most likely a fraud attempt.” advisors.td.com+9nbc.ca+9bankwithbos.com+9

Steps to take if you are targetted

🇨🇦 Step 1: Report to the Canadian Anti-Fraud Centre (CAFC)

The CAFC is Canada’s central agency for tracking and investigating fraud.

🔗 Report a fraud to CAFC

Or call: 1-888-495-8501 (Mon–Fri, 9 a.m. – 4:45 p.m. EST)

You can report:

Scam phone calls pretending to be from your bank
Any requests for your 2FA, password, or OTP

🏦 Step 2: Report to Your Financial Institution

Immediately contact your bank or credit union through official channels (e.g., number on the back of your card). Ask to speak with the fraud or security department.

Example:

TD: 1-866-222-3456
RBC: 1-800-769-2511
Scotiabank: 1-800-472-6842
CIBC: 1-800-465-2422
BMO: 1-877-225-5266

Let them know:

You were contacted about a code
Whether you shared the code or not
Any suspicious transactions

📱 Step 3: Report to Your Wireless Carrier

If you received the scam via text or call, report the phone number to your carrier by forwarding the message to 7726 (SPAM) — a free service used by Rogers, Bell, and Telus to block scam numbers.

🛡️ Step 4: Report to the Police (if you lost money)

If money was stolen from your account, also report it to your local police department. You may need:

A copy of your CAFC report
Transaction details
Call records (if available)

Bonus: Stay Informed

Canadian Anti-Fraud Centre Scam Alerts
Consider signing up for alerts from your bank’s fraud or security page

Resources

Canadian Cyber Safe web site, from the Government of Canada.
Watch the Bee Keeper, a violent movie, but it starts with a similar scam to watch out for.

1 thought on “Scam: Latest Bank Phone Trickery”

kagould17 March 20, 2024 at 8:47 am


When you build better security, you build better criminals. We no longer pickup the phone for unknown #s. Have a great day.