Person holding phone, with padlock and password icons floating above screen

Get cyber safe

Each year the Canadian Government reminds people to get cyber safe as part of Fraud Prevention Month. In support, we want to remind you to take the necessary precautions to be safe from online threats.

Fraudsters are becoming more prevalent online. According to the Canadian Anti-fraud Centre, the three most reported types of fraud in 2022 were all designed to get you to pay or give away sensitive information like your Social Insurance Number, passwords or banking details. Fortunately, there are small but impactful steps you can take to stay secure.


Your username is the first thing that keeps you safe. You should not tell anyone your username or password except under conditions of assigning legal authority, such as power of attorney. If you believe your username or password are compromised, you should change them in the Account Settings area of My Account.

  • Do not use personal details such as your driver’s license number or personal health number as your username.


It’s vital to keep your password safe. One way to ensure security is to change passwords on a regular basis. Please follow these best practices when creating and maintaining your passwords.

Top things to avoid

  • Do not use the same password for multiple online accounts. You multiply the risk if your password is ever stolen.
  • Do not use your username as your password.
  • Do not use personal details such as your name, birthday, or pet’s name, as your password. These can be easily discovered by others.
  • Do not use the most common passwords (e.g., “password”, “12345”) that are easy to guess.

Consider creating a strong password passphrase

A passphrase is a memorable sequence of words strung together, ideally including numbers and special characters, such as: “Time-for-strong-coffee@10am” or “myfavorite#is-twenty-seven.”

A typical 7-character password containing only upper and lowercase letters such as “Toronto” would take today’s hacking software only 25 seconds to solve. However, a 14-character password that contains upper and lowercase letters, numbers and special characters combined such as “BedTime@11:30!” would take an estimated 200 million years to solve.

If passphrases aren’t for you

If you can’t think of a passphrase, or if you have difficulty remembering more complex passwords, consider using a password manager program. There are many reliable, secure companies who provide software to manage all your passwords safely without the need to remember them.

Remember: No one from your pension plan will ever ask you to share your password.

Private information

Anyone can be a target of fraud at any age. Fraudsters are good at manipulation and deception when trying to get you to share your private data.

Beware of phishing

Phishing is the practice of trying to fool people into providing their personal and private information by pretending to be a legitimate, reliable business or person. Phishing scams can occur by email, telephone or text message. Once given, your information is then used to access important accounts and can result in identity theft and financial loss.

Be suspicious of anyone who claims to need your personal information or asks you to send money or copies of your ID. Don’t be pressured to respond instantly to situations that feel unexpected. Take a moment to reflect and evaluate the situation before reacting.

Phishing emails can appear to be coming from a reliable source, but may include typos, unusual links, or improper grammar. Never click on links or open attachments found in email messages from unknown senders.

Keep paper safe

Your pension statement contains important personal financial information. In the wrong hands, these statements could offer fraudsters access to sensitive details. Don’t throw away or recycle your financial statements without shredding them first.

You may want to consider removing paper altogether by opting to receive paperless statements.

General online safety tips

  • Don’t type your password or security answers into plain text document on your computer. These can be easily found if your computer were to become infected with malware.
  • Don’t log in to your financial accounts on a public wi-fi network without the protection of using a virtual private network (VPN).
  • To improve the physical security of your phone or tablet, consider using biometrics such as a face scan or fingerprint access to unlock it. You will find access to these options in your Settings if available.

By following these best practices, you can reduce the risk of falling victim to online fraud and keep your personal and financial information safe.

More information