Social Engineering: How to Protect Yourself

Social engineering has, unfortunately, grown all too common today. Canadians lost an estimated $11.7 million to bank-investigator scams in 2025, and that’s just one common type of scam. Other scammers work their way into businesses, obtain private healthcare information, and convince vulnerable individuals to send them money for a variety of reasons. Worse, social engineering scams can prove very difficult to catch because they use human psychology against their victims, exploiting common responses and patterns to convince them that the scammer’s request is entirely valid.

The “Bank Investigator” Scam

In a bank investigator scam, scammers pose as bank fraud investigators to convince victims to hand over their account information. They often use spoofed numbers, including the bank’s own number, to convince their targets that they are calling from a legitimate source, making the scam even harder to spot.

The Script

Many bank investigator scams start with a common script designed to guide their targets to their preferred resolution. It starts with a claim of suspicious activity. The “bank investigator” explains that they have noticed strange or high-dollar transactions, and that the account owner needs to act fast to protect their assets. They may:

  • Ask for one-time passwords (which most banks encourage their clients never to share with others)
  • Request the password to the account
  • Encourage victims to transfer their money to a “safe” account that belongs to the scammer
  • Send a courier to collect the target’s real bank card

These scams have caused the loss of tens to hundreds of thousands of dollars, including one recent notable Ottawa case in which the victims lost $400 thousand. These losses can deplete retirement accounts and savings accounts or leave victims financially struggling for months or years after the scam.

The Psychology Behind the Scam

Everyone assumes that they will be savvy enough to spot the scam. However, using common social engineering principles and an understanding of human psychology, scammers are often able to slip through the cracks and convince targets of their legitimacy. They start with trusted-brand spoofing, including having the Royal Bank of Canada appear on the Caller ID, and mimic banking language. Next, and this is critical, they evoke a sense of urgency and fear so that people will react quickly and without thinking. Bypassing the “thought” stage of the response is key to getting the reaction that scammers are looking for.

To deepen trust, they typically imitate official processes: asking for the one-time password that users see regularly when they log into their accounts, conducting a security investigation, and sending someone to pick up the card. Most of the time, victims believe that they’re helping to stop a thief, and they may have no idea there is fraud occurring.

Real-World Stories: A Look at the Impact

Unfortunately, bank investigation scams are all too common, and they’ve already caused devastation for many victims. In Ontario, two women lost over $84,000 after completing bank transfers or handing over their debit cards at the behest of scammers. In Winnipeg, one man lost more than $600,000 to wire-transfer fraud. Because bank staff often do not intercept suspicious withdrawals, scammers have succeeded in taking dozens of large sums through centers specifically dedicated to those scams, and scammers aren’t discriminating in who they target. For many, these scams have caused more than an inconvenience. They have led to utter financial devastation.

Red Flags: Spotting the Scam

Today, it’s more important than ever to be scam savvy so that you can spot potential scams and keep yourself safe. Because of spoofed caller ID, you can never trust the display alone. Keep an eye out for these common signs of scams. 

  • The caller urges immediate action, conveying a sense of urgency and threatening potentially dire consequences if you do not act quickly. 
  • There is a request for remote access to your account, including your one-time password and other credentials. 
  • There is a courier/pickup request made for your card.
  • You are asked to deposit money externally. 

Typically, these are not the steps taken by banks when they suspect fraud. Instead, they will generally do things like freezing your account or asking you to verify whether specific transactions are valid. If you notice those red flags, contact your bank directly instead.

Protection Strategies

Fortunately, there are several things you can do to help keep yourself safe and prevent yourself from becoming a victim of those scams. Always hang up and verify the call with your bank directly. Call back using the number on your physical card, rather than one given by the caller. In addition, never share one-time passwords or codes, or grant remote access to your account. Often, protecting yourself relies on keeping access to your account private and secure. 

Before you take any action, take the time to pause and breathe. Don’t respond under pressure. Most of the time, bank fraud does not require an instantaneous response, but rather a thought-out, verified process. Ask yourself if the call and what is being asked of you makes sense. If it sends up red flags, don’t feel as though you must react immediately! Talk to someone you trust to get a better idea of whether the scenario makes sense. Often, all it takes is a second opinion to stop a scam in its tracks. 

Banks and police have protocols in place to deal with scammers and fraud. By following official steps and channels, you can often keep yourself much safer and deal with any potential scammers quickly and effectively.

Proactive Protection

You can’t always control when, or whether, you will be targeted by a scammer. However, you can take some steps to protect yourself ahead of time. Enable multi-factor authentication and account alerts on your bank account. This simple step can go a long way toward keeping you safe! Next, use your bank’s official apps and platforms, rather than clicking links through emails or texts, so that you can be sure you’re on a valid site. 

What to Do If You’re Targeted

If you are targeted by a scammer, immediately disconnect from the call. Notify your bank directly or call the police to report the scam. Document the details: what time you were contacted, any information the caller provided, and what you were asked. You should also report to the Canadian Anti-Fraud Centre (1-888-495-8501), which will take action to prevent future fraud. 

If you believe that your cards or accounts were affected, contact your bank to freeze or block them so that the scammer cannot get access. Verify that your accounts are secure. If you were breached, shared private information, or believe that the scammer had private information about you, consider credit monitoring services to help keep yourself safer in the future.

Educating Others

Of course, you don’t want to keep your knowledge of potential scams to yourself. You also want to make sure that you can protect friends and family, especially senior family members, who may not be as familiar with potential fraud. Use red-flag examples: “They asked for my one-time password!” Share concrete information so that they can get a better idea of what fraud is likely to look like.

Promote a culture of “verify before you trust” among friends and family. This simple step can go a long way toward ensuring that you and your loved ones are protected. If you have a loved one who is struggling to understand and identify potential fraud, suggest fraud-prevention workshops at community centers or with banks to help them get a better grasp of how to safely navigate banking in an increasingly dangerous world of complex, evolving scams.

Protect Yourself and Your Loved Ones

Social engineering strategies are designed to exploit our trust, so staying calm, skeptical, and prepared is critical to avoiding fraud and protecting your private account information. If you did not initiate the contact, it’s probably not legitimate! Remaining skeptical is key to ensuring your financial safety. 

If you’ve been targeted, share your story, as it may save others. If you want to know more about how to protect yourself from a variety of scams and social engineering scenarios, contact us to learn more about how we can help you stay secure.
