Latest news with #ClaudiuPopa


CBC
8 hours ago
- Business
- CBC
Here's who can actually ask for your SIN
Cybersecurity expert Claudiu Popa shares his tips for keeping your social insurance number safe. He says it starts with just saying no to most companies and organizations that request it.


CBC
3 days ago
- Business
- CBC
Scam targeting sellers on Facebook Marketplace in circulation in Montreal
Montreal sellers on Facebook Marketplace say they're adjusting to a new type of scam from deceptive buyers trying to seize their bank account through fake e-transfers. Violaine Pelletier-Madsen, who sells her personal items on the popular platform, says she almost fell victim when she tried selling something to an individual who wanted her to put the product on hold. He offered to pay a deposit. "I didn't look online to go see their profile," she said. "So I just took it for granted that this conversation goes well and I accepted the Interact transfer." She clicked what looked like an e-transfer link but clicked out when it wasn't directing her to her official bank page or banking app. It's a scenario cybersecurity expert Claudiu Popa says he sees often. The scam, also known as reverse fraud, involves the scammer sending a link disguised with official-looking branding and asking the seller to input their banking information to claim the payment. Once the victim does so, the scammer gets access to their account and sends themselves an e-transfer. Popa says if the buyer expresses a sense of urgency, it should immediately set off alarm bells. "You can put anything you want in that link. If you tell a person you're waiting for them, the vendor's going to click," he said. The Service de police de la Ville de Montréal (SPVM) says the scam seems to be relatively new in Montreal. In an email, the SPVM says seven cases of reverse fraud were reported between January and April 1, 2025, adding that no reports were recorded in previous years. How to protect yourself In April, the RCMP warned residents in Newfoundland and Labrador about the scam after receiving reports from defrauded victims. It says one thing to look out for are e-transfer emails from generic email providers like GMail, which financial institutions don't use. Popa says phishing scams in general have been alive ever since e-commerce. Sellers should beware of shortlinks or URL shorteners which can be used by the scammer to obscure long and obviously illegitimate websites, he says. "If you see a banking or financial link, you do not click on those links. You go to the website that you know and trust and you log yourself in manually," said Popa. Scammers also typically use a recently created Facebook profile using a common local name, according to the RCMP. It's why thoroughly checking the buyer's social media profile has become part of Amy Johnson's e-safety routine. She's also a Facebook Marketplace seller and the owner of Piece to Grow Vintage in Montreal. "You can see if people, even way back, have a history of photos, or friends," said Johnson, adding that having a mutual friend is usually a good sign. "Those are the kinds of things I'm looking for." Pelletier-Madsen says seeing reviews on a buyer's profile from other sellers also puts her at ease. But, mainly she trusts her gut.

09-07-2025
5 expert tips to protect yourself from financial fraud when the banks won't
Canadians are being drained of their life savings by scammers — and many are shocked when their banks refuse to reimburse them. Bank fraud is a significant concern in Canada, according to the Canadian Anti-Fraud Centre. Every week, Go Public hears from people whose accounts have been emptied by fraudsters using everything from phishing emails and fake banking apps to phone spoofing, hacked passwords and unauthorized e-transfers. All too often, investigations by financial institutions end not with accountability, but with banks blaming the very customers who trusted them with protecting their money. It's very disappointing, said Claudiu Popa, a cybersecurity expert who's spent decades investigating cybercrime and educating the public. Banks appear to be protecting themselves and their own reputations, rather than trying to remedy a situation. Popa says he's seen firsthand how criminals exploit everyday habits and security gaps. To help, he's sharing five tips that can reduce your risk of becoming the next victim of bank fraud. WATCH | How to respond if you've been defrauded and your bank's blaming you: Début du widget Widget. Passer le widget ? Fin du widget Widget. Retourner au début du widget ? 1. Use strong, unique passwords The first tip is the most basic: change your password regularly — every three months is recommended — and make it unique. According to password manager NordPass, the most common password used in Canada and dozens of other countries in 2025 is 123456. The second most common password? 123456789. Popa says we should stop thinking of passwords as short codes, and instead think of them as memorable passphrases. Choose your favourite line from a movie or poem or whatever, and sprinkle in some personal punctuation, he suggested. Something like, H@staLaV1staBaby! Make sure it's 15-20 characters, and never reuse passwords across different websites. Reused passwords are one of the most common ways criminals can gain access after a data breach. He also recommends using a password manager to store passphrases, so you can just copy and paste them, instead of typing them out. Viruses latch onto the keyboard and track the keys you're typing, which it can't do if you're pasting it directly. 2. Enable two-factor authentication, account alerts Even the strongest password isn't enough if a hacker gains access through a data breach or phishing scam — which is why Popa says two-factor authentication (2FA) is so important. It adds a second layer of security, typically through a code sent to your device or generated by an authentication app. It needs to be a separate platform, so that's why you should always try to have a different device that you're getting your second factor on, said Popa. Enlarge image (new window) None of Canada's big five banks allow users to set up two-factor authentication for all transactions. Photo: CBC He advises against using SMS text messages for 2FA when possible. Instead, opt for a secure authentication app like Google Authenticator or Microsoft Authenticator. Also turn on every available account notification — for logins, password changes and transactions. Time is of the essence when you get defrauded, said Popa. The sooner you find out, the more likely it is that your banking institution will work with you, rather than protect themselves against you. Go Public asked the big five banks — BMO, CIBC, RBC, TD and Scotiabank — if they allow customers to set up two-factor authentication. All said they give users the option to get codes via text message, which the Canadian Anti-Fraud Centre says are vulnerable to being intercepted. All the banks also offer a more secure option — push notifications sent through their mobile apps. But only TD offers an authenticator app, which Popa says should be standard in the industry. Popa also thinks customers should have the option to set up two-factor authentication for all purchases where a physical card is not used — not just when they log in to their online banking. Currently, none of Canada's big five banks offer that. The banks do allow customers to set up alerts for every transaction, so they can know right away if there's a fraudulent charge. 3. Guard personal information Bank fraud doesn't always involve hacking. Scammers often trick people into handing over information themselves. Popa says social engineering scams, phishing emails and phone scams are becoming increasingly sophisticated. One common tactic people have written to Go Public about is call spoofing. Enlarge image (new window) Fraudsters often manipulate caller ID, a process known as 'spoofing,' to make it look like someone from your bank is calling you. Photo: CBC / L.J. Cake Fraudsters make it appear as though they're calling from your bank, then ask you to confirm details like your login credentials or account number to prevent fraud. They might also ask you to share a one-time passcode sent to your phone. Many of these scammers intentionally make these calls at dinnertime because you're busy doing something else, because your bank branch might be closed, because it happens to be a weekend, said Popa. "They know exactly how to play with your emotions and your instincts." Never share your passwords, PIN, one-time passcodes, or banking information with anyone who contacts you unexpectedly, either by phone, text or email. Popa advises calling your bank directly using the number on their official website or your bank card. And don't click links in unsolicited messages claiming to be from your bank, he warns. Many lead to fake websites designed to steal your credentials. 4. Avoid public wi-fi for banking Checking your account while at a café might seem harmless — but public wi-fi is one of the riskiest ways to access financial information, Popa warns. Hackers can use man-in-the-middle attacks to intercept your connection, steal your login credentials, or even install malware. Instead of relying on wi-fi, use your cellphone data plan, which is more secure or connect through a trusted VPN (Virtual Private Network), which encrypts and protects your information. WATCH | Do banks do enough to compensate customers who are victims of fraud? Début du widget Widget. Passer le widget ? Fin du widget Widget. Retourner au début du widget ? 5. Be careful with banking apps Banking apps are convenient — but they can also pose risks, especially if downloaded from unofficial sources or used on devices with other background apps. Many cybersecurity experts Go Public has spoken to — including Popa — decline to bank on their phone. Enlarge image (new window) Cybersecurity expert Claudiu Popa urges people to never use public wi-fi for banking. Photo: Shutterstock / Yulia Grigoryeva Many apps can run spyware or malware without your knowledge, Popa said. They can take screenshots, track your activity or steal your credentials. Popa's advice if you do use mobile banking: only download apps from the Apple App Store or Google Play Store. Those are the only app stores that should ever be trusted with any apps at all, he said. Better yet? Consider using your bank's website on a secure browser at home. Bonus tips Also consider implementing these additional safety measures: Monitor accounts regularly. Check your bank statements and transaction history frequently to catch suspicious activity early. Shred financial documents. Don't toss bank statements, cheques or credit card offers without shredding them first. Secure devices. Install antivirus software, enable automatic updates and use screen locks on all devices that access your financial accounts. A preventable crime Bank fraud can feel overwhelming — but it isn't inevitable. Popa says small changes in how you manage accounts and devices can make you a far less attractive target. You can't control what banks do, he said. But you can control how easy it is to scam you. Erica Johnson (new window) · CBC News · Investigative reporter Erica Johnson is an award-winning investigative journalist. She hosted CBC's consumer program Marketplace for 15 years, investigating everything from dirty hospitals to fraudulent financial advisors. As co-host of the CBC news segment Go Public, Erica continues to expose wrongdoing and hold corporations and governments to account.


CBC
09-07-2025
- Business
- CBC
5 expert tips to protect yourself from financial fraud when the banks won't
Social Sharing Canadians are being drained of their life savings by scammers — and many are shocked when their banks refuse to reimburse them. Bank fraud is a significant concern in Canada, according to the Canadian Anti-Fraud Centre. Every week, Go Public hears from people whose accounts have been emptied by fraudsters using everything from phishing emails and fake banking apps to phone spoofing, hacked passwords and unauthorized e-transfers. All too often, investigations by financial institutions end not with accountability, but with banks blaming the very customers who trusted them with protecting their money. Got a story you want investigated? Contact Erica and the Go Public team gopublic@ "It's very disappointing," said Claudiu Popa, a cybersecurity expert who's spent decades investigating cybercrime and educating the public. "Banks appear to be protecting themselves and their own reputations, rather than trying to remedy a situation." Popa says he's seen firsthand how criminals exploit everyday habits and security gaps. To help, he's sharing five tips that can reduce your risk of becoming the next victim of bank fraud. WATCH | How to respond if you've been defrauded and your bank's blaming you: Hit by fraud, but the bank's blaming you? How to protect yourself 1 month ago Duration 5:42 1. Use strong, unique passwords The first tip is the most basic: change your password regularly — every three months is recommended — and make it unique. According to password manager NordPass, the most common password used in Canada and dozens of other countries in 2025 is "123456." The second most common password? "123456789." Popa says we should stop thinking of passwords as short codes, and instead think of them as memorable passphrases. "Choose your favourite line from a movie or poem or whatever, and sprinkle in some personal punctuation," he suggested. Something like, H@staLaV1staBaby! Make sure it's 15-20 characters, and never reuse passwords across different websites. Reused passwords are one of the most common ways criminals can gain access after a data breach. He also recommends using a password manager to store passphrases, so you can just copy and paste them, instead of typing them out. "Viruses latch onto the keyboard and track the keys you're typing, which it can't do if you're pasting it directly." 2. Enable two-factor authentication, account alerts Even the strongest password isn't enough if a hacker gains access through a data breach or phishing scam — which is why Popa says two-factor authentication (2FA) is so important. It adds a second layer of security, typically through a code sent to your device or generated by an authentication app. "It needs to be a separate platform, so that's why you should always try to have a different device that you're getting your second factor on," said Popa. He advises against using SMS text messages for 2FA when possible. Instead, opt for a secure authentication app like Google Authenticator or Microsoft Authenticator. Also turn on every available account notification — for logins, password changes and transactions. "Time is of the essence when you get defrauded," said Popa. "The sooner you find out, the more likely it is that your banking institution will work with you, rather than protect themselves against you." Go Public asked the big five banks — BMO, CIBC, RBC, TD and Scotiabank — if they allow customers to set up two-factor authentication. All said they give users the option to get codes via text message, which the Canadian Anti-Fraud Centre says are vulnerable to being intercepted. All the banks also offer a more secure option — push notifications sent through their mobile apps. But only TD offers an authenticator app, which Popa says should be standard in the industry. Popa also thinks customers should have the option to set up two-factor authentication for all purchases where a physical card is not used — not just when they log in to their online banking. Currently, none of Canada's big five banks offer that. The banks do allow customers to set up alerts for every transaction, so they can know right away if there's a fraudulent charge. 3. Guard personal information Bank fraud doesn't always involve hacking. Scammers often trick people into handing over information themselves. Popa says social engineering scams, phishing emails and phone scams are becoming increasingly sophisticated. One common tactic people have written to Go Public about is call spoofing. Fraudsters make it appear as though they're calling from your bank, then ask you to confirm details like your login credentials or account number to "prevent fraud." They might also ask you to share a "one-time passcode" sent to your phone. "Many of these scammers intentionally make these calls at dinnertime because you're busy doing something else, because your bank branch might be closed, because it happens to be a weekend," said Popa. "They know exactly how to play with your emotions and your instincts." Never share your passwords, PIN, one-time passcodes, or banking information with anyone who contacts you unexpectedly, either by phone, text or email. Popa advises calling your bank directly using the number on their official website or your bank card. And don't click links in unsolicited messages claiming to be from your bank, he warns. Many lead to fake websites designed to steal your credentials. 4. Avoid public wi-fi for banking Checking your account while at a café might seem harmless — but public wi-fi is one of the riskiest ways to access financial information, Popa warns. Hackers can use "man-in-the-middle" attacks to intercept your connection, steal your login credentials, or even install malware. Instead of relying on wi-fi, use your cellphone data plan, which is more secure or connect through a trusted VPN (Virtual Private Network), which encrypts and protects your information. WATCH | Do banks do enough to compensate customers who are victims of fraud? Why few bank fraud complaints lead to compensation 1 year ago Duration 1:12 5. Be careful with banking apps Banking apps are convenient — but they can also pose risks, especially if downloaded from unofficial sources or used on devices with other background apps. Many cybersecurity experts Go Public has spoken to — including Popa — decline to bank on their phone. "Many apps can run spyware or malware without your knowledge," Popa said. "They can take screenshots, track your activity or steal your credentials." Popa's advice if you do use mobile banking: only download apps from the Apple App Store or Google Play Store. "Those are the only app stores that should ever be trusted with any apps at all," he said. Better yet? Consider using your bank's website on a secure browser at home. Bonus tips Also consider implementing these additional safety measures: Monitor accounts regularly. Check your bank statements and transaction history frequently to catch suspicious activity early. Shred financial documents. Don't toss bank statements, cheques or credit card offers without shredding them first. Secure devices. Install antivirus software, enable automatic updates and use screen locks on all devices that access your financial accounts. A preventable crime Bank fraud can feel overwhelming — but it isn't inevitable. Popa says small changes in how you manage accounts and devices can make you a far less attractive target. "You can't control what banks do," he said. "But you can control how easy it is to scam you."

CTV News
27-06-2025
- CTV News
‘Be mindful': Toronto police warn of organized thieves ahead of Pride weekend
Hundreds of cell phones were stolen on Pride weekend in Toronto last year, and a senior officer with the city's police force says he'd be surprised if the organized rings weren't going to be at it again this weekend. Chief Supt. Mandeep Mann told reporters on Thursday that 300 cell phones had been reported stolen—a major uptick from previous festivals—and that's a sign that thieves will see this weekend as another opportunity. 'We know that individuals are going to be out there looking to take advantage—I will be surprised if they don't,' Mann said as he addressed some of the security measures the service will be taking as one of the largest Pride festivals in the world gets underway. 'We're asking people to keep things tight, close to their body, in bags in front of them, in pockets, and just be aware and be mindful,' he said. Something similar happened to Mihael Adler when he and his family were visiting Mel Lastman Square for an Asian Heritage Month celebration in May. A relative put the new iPhone 16 down, and within moments, it was gone, Adler said. He followed its location to a few apartment buildings in North York, and then the phone showed up in a location he never expected. 'About four days ago, it pinged that it was in Vietnam,' he said. The international trade in phones is one way to escape phone blacklists and the remote locks and resets customers using Apple's iOS and Google's Android phones can put on them, said digital security expert Claudiu Popa. 'A lot of phones that would not function here in North America will function just fine on a different continent,' he said. Most times, thieves will try to take a phone while it's unlocked, because that means they can access the apps that can sometimes lead to an even bigger take. A Fox TV station in Minneapolis showed how thieves used banking apps on stolen phones to drain hundreds of thousands of dollars from their victims. And if they can't use the phone as a whole device, they can always break it into pieces, Popa said. 'Cellphones can also be taken apart to their core components, and they are worth a lot of money because screens, batteries, cameras, and chips have a ton of value,' he said. Reached as he walked down Church Street on Thursday, Anief Williams told CTV News he's had three phones stolen in the past year in public places, including libraries and subways. 'It's ridiculous man, it's not cool,' he said.