The Canadian Investment Regulatory Organization (CIRO) has published an investor alert during Fraud Prevention Month warning about a pattern of “account intrusion” scams in which criminals gain unauthorized access to online investment accounts and use that access to trade and move or withdraw funds. CIRO described intrusions as typically initiated through emails, text messages, malicious links or apps, often framed as urgent password update requests and sometimes using spoofed email addresses or website links that impersonate legitimate organizations. CIRO pointed to Investor Survey findings that around one in five Canadians have been approached with possible investment fraud and that only 14% of those approached reported it, with contact most commonly made through unsolicited spam emails, texts or calls, or social media messages. The campaign materials include a video, a new “Schemes, Scams and Swindles” series whose first story focuses on account intrusions, and a checklist urging investors to verify senders and links, enable multi-factor authentication, and use spam filters; suspected victims are advised to contact their dealer immediately and report the fraud to the Canadian Anti-Fraud Centre.
Canadian Investment Regulatory Organization 2025-02-28
Canadian Investment Regulatory Organization warns Canadians about account intrusion scams and issues a cybersecurity checklist
The Canadian Investment Regulatory Organization (CIRO) issued an investor alert during Fraud Prevention Month about "account intrusion" scams, where criminals access online investment accounts to trade or withdraw funds. These scams often start with emails or messages posing as urgent password updates from legitimate organizations. CIRO's campaign includes educational materials and advises investors to verify communications, enable multi-factor authentication, and report fraud to the Canadian Anti-Fraud Centre.