Scammers are posing as employees of Coast Capital to obtain your debit card number, expiry date and online banking access codes.
Coast Capital will NEVER ask for your PIN, password, or security code to set up your debit card on a digital wallet or to investigate a fraud.
You can keep your money safe by being aware of impersonation tactics—where criminals are pretending to be a financial institution or bank fraud investigator—to access your bank accounts.
Let’s break down how this scam works, the warning signs and how you can protect yourself:
How the scam works
Scammers pose as representatives or fraud investigators from Coast Capital.
You may receive a personal phone call or an automated call from someone claiming to be from your financial institution. They will tell you or ask for one or more of the following:
- The security code you’ve received by text message or email (to confirm your identity)
- Request remote access to your computer or device
- Show you a fake fraudulent transaction
- Ask you to transfer funds to a “safe” account
- Add a fraudulent payee to your online banking
- Claim they’ve deposited money into your account (when they’ve moved your own funds)
In some cases, they may even send a courier to your home to pick-up your debit or credit card under the guise of setting up your digital wallet or collecting fraud evidence.
Multi-Factor Authentication (MFA) exploited (sometimes referred to as a One Time Password or Step-up verification)
Multi-factor authentication or two-factor authentication is an important security feature that requires you to setup two or more ways to identify it’s you before granting access to your account. This makes it harder for unauthorized individuals to gain access to your account, but it doesn’t mean they won’t try. Scammers may try to bypass it by:
- Calling you and pretending to be your financial institution
- Asking you to read out the MFA code sent to your smartphone or email
Never share your MFA code with anyone. This code provides an elevated level of security to protect your account, and financial institutions would NEVER ask you for the code.
Coming to your door
Criminals need to get your debit or credit card information, and they may even come to your home—by courier or in person—to pick up your card. They may:
- Ask you to cut your card in half (but leave the chip intact)
- If they are posing as fraud investigators, they may threaten that you could be arrested if you do not cooperate with their investigation
Coast Capital would NEVER come to your home to collect your debit card and legitimate institutions or law enforcement agencies would never threaten you over the phone.
Watch for these warning signs
- Call spoofing: The number on your caller ID may look like it is from Coast Capital, but it’s fake.
- Urgent language or threats: Real institutions, like Coast Capital, don’t use scare tactics.
- Requests for remote access: NEVER allow anyone to control your device.
- Unsolicited calls from credit bureaus: These agencies don’t call you unexpectedly.
- Sharing any MFA or security codes: The only circumstances in which Coast Capital would ask you to provide an MFA code are either when you call us or when you visit a branch to complete a transaction. We do this to confirm that you are who you say you are before conducting any transactions or providing information. Otherwise, you should NEVER share MFA security codes with anyone.
- Requests to transfer money: No legitimate organization, like Coast Capital, will ask you to move your money to “protect” it.
- Card collection: Coast Capital or a police officer will NEVER come to your home to collect your debit card.
How to protect yourself
- Do not assume phone numbers appearing on your call display are accurate. Scammers can spoof phone numbers.
- Hang up if you receive a call from someone claiming they are from Coast Capital, and you are suspicious.
- Call us back using the number on the back of your debit card (1.888.517.7000) to ensure you are speaking to a legitimate person.
- You can also call back using a different phone or wait 10 minutes before calling from the same phone—and make sure you hear a dial tone before making the call. This ensures the scammer has been disconnected.
- Enable Auto-Deposit for Interac® e-Transfer to prevent redirection of funds.
- Set up security alerts in the Coast Capital mobile app to stay updated on what’s happening in your account. You can get notified about key activities like withdrawals, deposits, low balance, or new bill payees. We send automated email and SMS alerts for important security changes such as password updates or biometric registration.
- Stay informed: If your data was exposed in a breach, be extra cautious.
- Educate others: Share this information with friends and family, especially seniors who are often targeted.
If you’ve been targeted
- Contact us immediately at 1.888.517.7000
- Report the incident to your local police and the Canadian Anti-Fraud Centre
- Monitor your accounts for suspicious activity
Bank investigator fraud is a serious threat, but with awareness and vigilance, you can protect yourself and your loved ones. Stay alert, stay informed, and never hesitate to question a suspicious call or request.
