Cybersecurity for Canadian Investors

Cybercrime has become widespread and increasingly impactful, affecting individuals, families, and organizations alike. In Canada alone, estimated annual fraud losses in 2024 were approximately $645 million, according to the Canada Anti-Fraud Centre, doubling from 2019 to 2024. A large proportion of individuals have either experienced cyber incidents directly or know someone who has.

The issue is no longer confined to large institutions; cybercrime targets everyone, including retirees, professionals, and investors. Attackers operate at massive scale, launching attempts in the hundreds of millions or billions, knowing that even a small success rate yields significant profits. If cybercrime was measured as an economy, it would rank as one of the largest economies in the world, behind only the United States and China.

Cybercrime is also increasingly organized, involving structured groups with specialized roles such as developers, support teams, and even call centers—indicating that it has evolved into a highly professionalized and profitable industry. The Economist has put out a fascinating podcast about this, called Scam Inc. (unfortunately the later episodes are behind a paywall, but the first three are free).

How Criminals Use Technology to Access Accounts and Information

Modern cybercrime has shifted from purely technical attacks to a combination of technology and human exploitation. While traditional hacking still exists, many successful attacks rely on exploiting weaknesses in how people manage access and credentials.

Common technical methods include:

• Password reuse: Using the same password across multiple services allows attackers to access multiple accounts once one account is compromised.
• Credential theft through phishing: Fake login pages or links trick users into entering usernames and passwords.
• Exploiting weak authentication: Accounts protected only by passwords are easier to breach than those with multi-factor authentication.
• Data breaches: Exposed personal data (e.g., social insurance numbers, account numbers) is reused for further attacks or identity theft.
• AI-assisted impersonation: Attackers can now mimic voices, generate realistic videos, or craft highly convincing messages using minimal input, making scams increasingly difficult to distinguish legitimate interactions from fraudulent ones.

Ultimately, the combination of stolen credentials, reused information, and emerging technologies makes unauthorized access easier and more scalable than ever before.

How Criminals Use Social Engineering to Extract Money

A major evolution in cybercrime is the focus on manipulating people rather than breaking systems. Social engineering involves convincing individuals to voluntarily give away money, access, or sensitive information.

Common tactics include:

• Urgency and pressure: Claims that accounts will be locked, fines applied, or arrests made if immediate action isn’t taken.
• Authority impersonation: Pretending to be banks, government agencies, or law enforcement.
• Emotional manipulation: Leveraging fear, panic, excitement, or empathy to override judgment.
• Information gathering: Using data from social media or breaches to make scams more believable.
• Common scams include:
• Phishing and Smishing: Emails or text messages designed to trick users into clicking links or providing login credentials. These often include urgent requests, fake transactions, or threats of account closure.
• Impersonation Scams: Attackers pose as trusted individuals or organizations, sometimes using AI-generated voices or videos.
• Romance and Relationship Scams: Fraudsters build long-term emotional connections online before requesting money, often using fabricated identities enhanced by AI.
• Government or Tax Scams: Calls or messages pretending to be from government agencies (e.g., tax authorities or police) threatening legal consequences.
• Grandparent/Family Emergency Scams: Voice-cloned calls simulating family members in distress, requesting urgent financial help.
• Extortion/Blackmail Scams: Use of manipulated or fabricated content (e.g., AI-generated images) to pressure victims into sending money.
• Fake Offers or Opportunities: Promises of prizes or grants designed to lure victims into sharing information or funds (e.g. just pay for shipping).
• Investment and job scams: Promises of high returns or high-paying job opportunities that are too good to be true.
• Pig Butchering/Romance Baiting Scams: a combination of online relationship and investment scams where the attacker “fattens” a victim through trust and attention and then “slaughters” them by draining their finances through an investment scam (typically fraudulent cryptocurrency schemes).

A common theme across all these scams is emotional manipulation and urgency. Attackers aim to catch individuals when they are distracted or under pressure, increasing the likelihood of a mistake. What makes them successful is that they prey on your emotions – whether that’s greed, independence, loneliness, or wanting to help and protect friends or family.

Strategies to Protect Yourself

Despite the sophistication and numerous types of different cyber threats, the good news is that a small number of core principles can significantly reduce risk, regardless of the situation.

1. Slow Down and Pause
Most scams rely on urgency. Taking a moment to think before acting can prevent costly mistakes. Feel free to also reach out to a friend, family member, or your advisor to verify if this is reasonable.

2. Verify Independently
Always confirm requests through trusted independent channels rather than responding directly to messages or calls (e.g., contacting your bank directly using their official website/app, or phone number on the back of your access card rather than clicking a link).

3. Use Strong, Unique Passwords

Create long, unique passwords or passphrases – if you’re going to reuse passwords, only do it for non-sensitive accounts; bank accounts, investment accounts, CRA access, etc. should all have unique passwords per account. Use password managers to securely store credentials.

4. Enable multi-factor authentication (MFA) or Passkeys wherever possible

MFA adds an extra layer of security by requiring more than just a password – such as a code sent to a device or biometric (face ID / fingerprint) confirmation. Even if a password is stolen, MFA can prevent unauthorized access. Beware however, that attackers attempt to bypass MFA through tactics like fatigue attacks (sending repeated “approve” prompts until some clicks approve to make it stop) or social engineering (asking users for codes).

5. Be Cautious with Links and Attachments

Avoid clicking on unexpected links or attachments.

Don’t scan unknown QR codes out of context (e.g. QR code on street post)

Treat unsolicited emails, texts, and calls with skepticism.

Watch for messages that feel “too good to be true” or overly urgent.

6. Limit Information Sharing
Reducing the amount of personal information available online makes it harder for attackers to build convincing scams.

7. Keep Technology Updated
Regularly and quickly update devices and software to patch known vulnerabilities.

8. Use Secure Networks

Avoid using public Wi-Fi for sensitive accounts, like online banking. Use a secure, private network, and a VPN when necessary.

9. Secure Your Documents

Shred sensitive documents and securely delete files you no longer need, both online and offline.

10. Monitor Your Accounts

Review your account statements regularly and report any suspicious activity immediately. Review your credit regularly through credit monitoring or annual credit reports and set up fraud alerts and/or credit locks on your TransUnion and Equifax accounts.

11. Don’t Engage with Attackers
Responding to scammers signals engagement and can escalate the attack. Disengagement is often the safest approach.

12. When in Doubt, Reach Out

If you suspect a scam or have questions about a communication, contact the Daley Wealth Management team using a trusted phone number, email, or the online portal. It’s not an inconvenience, we’re here to help you with being financially secure.

13. Act Quickly if Compromised
If a breach occurs, acting within the first 24–48 hours can improve the chances of stopping or reversing damage. Don’t be ashamed or feel at fault, scams are sophisticated and designed to deceive. Immediately contact the bank or service providers and authorities.

Resources

Some helpful resources related to keeping yourself informed and protected:

Canada Get Cyber Safe

Cybersecurity Ontario Knowledge Base

Canadian Anti Fraud Centre

Canadian Centre for Cyber Security – Reporting a Crime

RCMP – Reporting a Cyber Incident

Check if your usernames or passwords have been compromised: https://haveibeenpwned.com/

Instagram Accounts:

Cybersecurity Girl

Western Technology Services

Podcasts:

Mel Robbins with Cybersecurity Girl Caitlin Sarian

The Economist – Scam Inc.

Summary

Cybercrime has evolved into a large-scale, organized, and highly profitable global issue that affects individuals just as much as institutions. While technological methods like password attacks and data breaches remain important, the most significant shift is toward exploiting human behavior through social engineering.

Attackers rely on emotional triggers—urgency, fear, trust, and curiosity—to manipulate individuals into taking actions that benefit the criminal. As scams become more personalized and technologically sophisticated, especially with the rise of AI, traditional signals like poor grammar or obvious red flags are no longer reliable.

The most effective defense lies in consistent habits: slowing down, verifying requests, minimizing data exposure, and strengthening account security through tools like password managers and multi-factor authentication.

Ultimately, cyber safety is less about mastering every type of scam and more about recognizing patterns and applying disciplined, repeatable behaviors to protect yourself, your family, and your finances.

We’re here to help – as a client, if you are ever uncertain about whether something is a scam or not, feel free to reach out and get a second opinion.