SEO Poisoning

The Canadian Anti-Fraud Centre reports that Canadians lost $638M in 2024, and we know the true amount is much higher. Unfortunately for unsuspecting individuals, SEO poisoning is a common attack vector.

Criminals are constantly trying to find new ways to steal your money. The latest scam? Creating fake websites that will pop up in a Google search in hopes of getting you to enter your personal information.

CTV News spoke to one Ontario senior who lost most of his life savings after searching online to find the best interest rate to invest in GICs.

“I’m devastated. $750,000 is a lot of money,” said 82-year-old Walter Yamka of Oakville.

“I thought I was on the PC Financial website.”

Yamka said it was last October when he had $750,000 worth of GICs mature and decided to search online to find the best interest rate possible.

Source: https://www.ctvnews.ca/toronto/consumer-alert/article/do-you-know-how-long-i-had-to-work-to-make-that-money-how-an-oakville-man-lost-750k-to-a-fake-website/


Fraud is complex and requires action from all stakeholders.

User mitigating controls:

  1. Always enter your bank’s full URL or save it as a bookmark in your browser.
  2. Never access your online banking through a search engine or social media platform.
  3. Use a password manager that restricts credential entry to the correct domain.
  4. Use phishing-resistant MFA factors (e.g. authenticator app instead of SMS).
  5. Set up alerts on your bank’s app (e.g. new bill payment vendor added, new e-transfer recipient added, transaction >$X).
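
Control 3 works because a password manager compares the page's origin with the origin saved alongside the credential, not with how the page looks. A sketch of that check, added here as an illustration (not from the original post or any specific password manager; the hostnames, the stored login and the function names are constructed placeholders):

```javascript
// Added illustration: exact-origin matching before offering a saved login.
// Hostnames are constructed placeholders (.example and .test are reserved TLDs).

const SAVED_LOGINS = [
  { origin: "https://secure.bank.example", username: "walter" },
];

// Reduce a URL string to scheme://host[:port], or null if it must not be filled.
function originOf(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // unparseable input never matches
  }
  if (url.protocol !== "https:") return null; // never fill over plain HTTP
  return url.origin; // drops userinfo, path and query
}

// Return only the logins whose saved origin equals the page's origin exactly.
function loginsFor(pageUrl) {
  const origin = originOf(pageUrl);
  if (origin === null) return [];
  return SAVED_LOGINS.filter((login) => login.origin === origin);
}

// Constructed test inputs: the bookmarked site plus lookalikes the check must refuse.
const VISITS = [
  "https://secure.bank.example/login",           // saved origin
  "https://secure.bank.example.gic-rates.test/", // bank name used as a subdomain elsewhere
  "https://secure.bank.example@gic-rates.test/", // bank name placed in the userinfo part
  "https://secure-bank.example/login",           // one-character lookalike
  "http://secure.bank.example/login",            // right host, unencrypted scheme
];

function report() {
  return VISITS.map((url) => ({ url, offered: loginsFor(url).length > 0 }));
}

for (const row of report()) {
  console.log(`${row.offered ? "FILL  " : "REFUSE"} ${row.url}`);
}
```

When the manager refuses to offer a login on a page that looks like the bank, that refusal is the signal to stop and check the address bar.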

Bank mitigating controls:

  1. Staff fraud awareness training to detect red flags.
  2. Customer fraud awareness training.
  3. Transaction monitoring solution that detects anomalous transactions.
  4. Multi-factor authentication (MFA) at login.
  5. Step-up authentication when adding new bill payment (BP) recipients and performing high-value transactions.
  6. Offer phishing-resistant MFA/step-up factors (e.g. authenticator app, document + selfie ID verification).
  7. Behavioural analytics that detects when a login is not the normal user.

Government mitigating controls:

  1. Require banks to implement a minimum level of security controls for their users.
  2. Require digital platforms to verify advertisers to protect Canadians.
  3. Implement a shared liability policy between users and banks.
  4. Fund dedicated financial crime law enforcement units.
