It can happen to anyone
Digital Banking Tools
Working together we can support your digital safety while you do your online banking.
- Never share your username and password with anyone. A strong password that cannot be guessed easily, will be more difficult to crack.
- If something feels too good to be true, it probably is. Just say NO.
- The CRA or RCMP will never phone you, asking for personal information. If you get a call like this, hang up.
- Be careful what you post online. Scammers can get details that you shared on social media platforms and dating sites to target you and get names and details about your loved ones.
- Be suspicious of telephone calls that require you to act immediately and request money for a family member in distress.
- The Alerts feature lets you know when someone accesses your banking profile.
- AutoDeposit for E-transfers allows for fewer entry points where information might get intercepted.
You can choose to receive alerts using all, a combination of, or one notification type (text, email, and/or push notification).
2. Click ‘My Credit Union’ and under Alerts select 'Security' or 'Account'.
3. Select the account.
4. Under each heading toggle on/off the types of desired notifications (text message, email, push notifications).
5. Set limit and amount if applicable.
6. Click 'Save'.
Mobile App:
1. Sign in to digital banking on the mobile app.
2. Tap ‘More’ (located bottom right-hand corner), choose ‘Alert Settings’, and then tap either ‘Accounts Alerts’ or ‘Security Alerts’.
3. Choose the account.
4. Under each heading tap the type of alert you would like then toggle on/off the types of desired notifications.
5. Set limit and amount, if applicable.
6. Click 'Save'.
Note: You can now set up Autodeposit for your email address AND your mobile phone number.
1. Sign in to digital banking on desktop/tablet.
2. Go to ‘Transfers & Payments’.
3. Under Interac e-Transfer®.
4. Click ‘Autodeposit Settings’.
5. Click 'Add Autodeposit'.
6. Under Register With, input the mobile phone number or email address you would like to register and choose which account you would like your money to be automatically deposited into.
7. Agree to the acknowledgement and click ‘Continue’.
8. Confirm your autodeposit details and click ‘Continue’.
9. Enter the one-time password you receive via text or email address.
10. Click ‘Continue’.
11. A Verification message will be sent to you via text or email to complete the registration. You will have the option of either completing the registration or declining it.
Mobile App:
1. Sign in to digital banking on the mobile app.
2. At the bottom of the screen tap ‘Move Money’.
3. Tap ‘INTERAC e-Transfer’ at the top right corner.
4. Tap ‘Autodeposit Settings’.
5. Click the + icon at the top right hand corner of the screen.
6. Under Register With, input the mobile phone number or email address you would like to register and choose which account you would like your money to be automatically deposited into.
7. Agree to the acknowledgement and click ‘Continue’.
8. Confirm your autodeposit details and click ‘Continue’.
9. Enter the one-time password you receive via text or email address.
10. Click ‘Continue’.
11. A Verification message will be sent to you via text or email to complete the registration. You will have the option of either completing the registration or declining it.
Phishing Scams
Phishing is a common tactic that cyber criminals use to steal personal and financial information from you. Phishing messages usually take the form of an email or phone call from a cyber criminal who is pretending to be someone they are not, such as your bank.
Cyber criminals have become increasingly sophisticated in their phishing campaigns.
Don't get reeled in. Get cyber safe, and arm yourself with the following tips so that you can be vigilant about staying cyber secure.
Phishing is one of the most common threats you can encounter online. Luckily, phishing messages can be easy to spot – if you know what you’re looking for.
Here are the 7 biggest red flags you should check for when you receive an email or text.
1 Urgent or threatening language
Real emergencies don’t happen over email.
Look out for:
- Pressure to respond quickly
- Threats of closing your account or taking legal action
2 Requests for sensitive information
Anyone asking for personal information over email or text probably shouldn’t be trusted with it, anyway.
Look out for:
- Links directing you to login pages
- Requests to update your account information
- Demands for your financial information, even from your bank.
3 Anything too good to be true
Winning a lottery is unlikely. Winning a lottery you didn’t enter is impossible!
Look out for:
- Winnings from contests you’ve never entered
- Prizes you have to pay to receive
- Inheritance from long-lost relatives
4 Unexpected emails
Except the unexpected, and then send it right to the trash.
Look out for:
- Receipts for items you didn’t purchase
- Updates on deliveries for things you didn’t order
5 Information mismatches
Searching for clues in phishing email puts your love of true crime podcasts to good use.
Look out for:
- Incorrect (but maybe similar) sender email addresses
- Links that don’t go to official websites
- Spelling or grammar errors, beyond the odd typo, that a legitimate organization wouldn’t miss
6 Suspicious attachments
Attachments might seem like gifts for your inbox. But just like real gifts, they’re not always good…
Look out for:
- Attachments you didn’t ask for
- Weird file names
- Uncommon file types
7 Unprofessional design
For some reason, hiring a graphic designer isn’t on a cyber criminals priority list.
Look out for:
- Incorrect or blurry logos
- Company emails with little, poor or no formatting
- Image-only emails (no highlightable text)
If you spot any of these red flags in a message:
- don’t click any links
- don’t reply or forward
- don’t open attachments
Delete the email or text, or reach out to the sender through a different channel if you're not sure.
If you have an email address or cellphone number, chances are you’ve received a phishing message. And you’re not alone: phishing is the third most common scam affecting Canadians today.
Phishing is a cyber criminal’s attempt to get sensitive information by pretending to be a legitimate sender like
- GOVERNMENT ORGANIZATIONS
- STREAMING SERVICES
- BANKS
- ONLINE STORES
- PHONE PROVIDERS
- PEOPLE YOU KNOW
PHISHING IS VERY COMMON
1 IN 99 EMAILS ARE A PHISHING EMAIL
1 in 25 BRANDED EMAILS ARE PHISHING
AND VERY EASY TO FALL FOR
1 IN 10 CANADIANS SAY THEY’VE REPLIED TO PHISHING MESSAGES UNKNOWINGLY
Phishing comes in all shapes and sizes
- SMISHING - SMS OR TEXT MESSAGING
- SPEAR-PHISHING - PERSONALIZED, TARGETED MESSAGES
- WHALING - MESSAGES TARGETED AT EXECUTIVES
- SPOOFING - FORGED WEBSITES OR PHONE NUMBERS
6.4 BILLION PHISHING EMAILS ARE SENT EACH DAY
DON’T TAKE THE BAIT
- READ AND RE-READ - Double-check the message and sender for anything strange.
- DON’T CLICK SUSPICIOUS LINKS - Don’t’ download unknown files either.
- NEVER SHARE YOUR PASSWORD - Never, ever, but especially over email or text.
It doesn’t hurt to be cautious. If you’re suspicious of a message, call the person or organization using their trusted number to double-check if the message is legit.
The “free vacation” scam
Who could say no to a free trip to the Bahamas? No one (obviously!).
This is why cyber criminals have made the “free vacation” phish one of the sharpest hooks in their phishing tackle box. They’re counting on their victims’ desire to get a free trip to outweigh common sense when it comes to getting free stuff.
The free luxury vacation is a great example of an important truth about personal cyber security: If an offer arrives out of the blue and seems too good to be true, it probably is.
If you think you're the victim of an online contest or sweepstakes scam, the most important thing is not to panic. By getting in touch with the proper authorities, you may help catch cyber criminals before they can scam anyone else. Contact the Canadian Anti-Fraud Centre or call 1-888-495-8501.
The “fake government message” scam
Fear is a key tactic that phishers use to extract personal information from their victims.
Cyber criminals know that the fear of being fined or even arrested can drive people to take actions they otherwise wouldn’t.
That’s why the “fake government message” phish is so prominent with cyber criminals.
It usually goes something like this: A victim receives a phone call from someone claiming to a government official. This person tells you that you need to respond with some personal information or you risk being fined or arrested.
Many people fall victim to this phishing attempt because no one wants to be at risk of a running afoul of the government.
Don’t let these scare tactics fool you! If it seems phish-y, it probably is. If you are concerned, contact the department directly by looking up their official information on their website.
The “gift card” scam
Not all phishing attempts are mass-produced. Spear phishing attacks are targeted and use information that only the victim could know, but often can be found easily online.
A common example of this is the “gift card” scam.
Someone receives a message, usually an email, that claims to be from a manager or co-worker. The sender asks the victim to go to the store to buy some gift cards. The sender claims to be in a meeting and asks the victim to send the card numbers in an email.
It’s an example of how targeted and detailed spear phishing scams can be. Cyber criminals can learn specific information about an organization, such as employees who work there, and use this information to convince you to interact with their phishing message.
The best way to find out if the request is valid, is to contact that person directly through another channel. If they sent an email, call them. If they called, email them.
Don’t give into the pressure, if it sounds a little phish-y, it probably is.
Conclusion
Cyber criminals are always refining their phishing techniques. There’s no exhaustive list of all the potential phishing scams out there.
But, by being aware of the above examples, you can learn how to spot some of the more common types of phishing scams.