Learn about fraud and how to safely carry out your day-to-day activities in today’s digital world
If it seems too good to be true, it probably is.
The most important thing to know about fraud is that it can happen to anyone, anytime, anywhere, and in any number of ways. No one ever wakes up in the morning and thinks to themselves, “Today I’m going to become a victim of fraud.” We assume we know the warning signs and that we’ll recognize fraud when we see it. And yet every day, many of us do fall prey to fraudsters, because it’s easy to be caught off-guard.
It's not surprising, that as we all spend more time in the digital world, fraudsters have turned their attention to using today's most common means of information gathering and communication to set their trap. But remember, scammers can't make money off those who are educated, know what to look out for, and how to protect themselves from fraud.
Five good practices for safer online contact
1. Slow down
A common theme in many fraud attempts is the artificial urgency or urgent pleas that fraudsters employ to prevent you from taking time to properly think things through. Just say no! Hi-pressure sales tactics are tools to force you to make an immediate decision, but don’t listen. When presented with an enticing offer, stop, and think about it.
2. Question everything
Who is this person who contacted you? Do you know them? Did you expect the call or a delivery of a package? Is their request unsolicited? Would you trust them to watch your wallet? Why did they approach you? If you have won something, why are you being asked to provide financial information such as credit card or account information? What are the risks? If someone calls claiming to be from the government or a financial institution, take their name and then look up the business or organization’s phone number on your own, and then call and ask to speak with the name of the person who called you.
3. Do your research
Make sure that the organization you’ve been contacted by, is legitimate before taking any action. Search the Government of Canada’s online resource, the Canadian Anti-Fraud Centre for information on current scams. Or you can conduct a quick online search with the organization or individual’s name – often times people will already have reported the suspicious activity and a record of previous reports can easily be found.
4. Get a second opinion
If you’re asked to do something (wiring someone money, for example) and you feel uneasy about it, bounce the idea off of a trusted friend, a colleague, or someone at the credit union and run the proposal past them. Do they think it’s a promising idea, too?
5. There’s no such thing as a free lunch
Many scams play on the appeal of quick, easy money. It’s easy to get blinded by the dollar signs. Don’t let that distract you from making a reasonable, informed, and cautious decision. Listen to your gut. If something sounds too good to be true, it probably is.
Verify links before clicking on them by hovering your mouse over the link and carefully checking that it's the website that you expect. The difference may be as simple as a .net address versus a .com address, or a slight difference in spelling, so pay close attention.
When possible, go to the source directly, and type in the company website yourself to verify and use the information from the website.
Don’t open suspicious attachments or click unusual links in messages. They can appear in email, tweets, posts, online ads, messages, or attachments, and sometimes disguise themselves as known and trusted sources.
- Unique passwords matter. Create a unique, secure password for every site that needs one. That way if one site password is compromised, your other logins will remain secure. It may take more thought, but the extra security is worth it.
- Don’t use the auto-save function on your browser or device for usernames and passwords. Saving your credentials may seem easier, but if your phone or computer should get into the wrong hands, entry to your account is automatic.
- Use a password generator and keep passwords in a safe place such as a lock box, or safe.
It’s easy to protect your digital banking account by following these simple rules:
- Do not log in to online banking over public Wi-Fi. This is like letting hackers “look over your shoulder” as you do your banking.
- Do not provide personal information over the phone. Financial institutions do not ask for this information.
- If you receive an email or text with an attachment or a link from your “financial institution” do not follow the link or open the attachment. SCU will never provide an unsolicited email requesting you log in from a link. This is a common method for hackers to gain access to your confidential information.
- If you receive an Interac e-Transfer® that you weren’t expecting, do not click the link. Make sure you verify the suspicious Interac e-Transfer with the sender personally before clicking.
- Never provide your password or PIN to anyone. SCU will never ask you to provide us with your passwords or PINs.
- Be skeptical of emails, messages, or websites containing misspelled familiar words; grammatical errors that make it difficult to understand or misuse a common expression.
- Don't reply to emails asking for personal information to stop the sudden closure of an account. Do not click on links within the email.
- Instead, type the website address directly into your browser so you can confirm that it is safe, or call the company directly instead
- Don't open attachments, follow links, or reply to spam messages — even to unsubscribe. Hover your mouse over the link and carefully check that it's the website that you expect. The difference may be as simple as a .net address versus a .com address, or a slight difference in spelling, so pay close attention.
- Do not provide account or personal details through an unsecured email program. If you need to send sensitive documents through email, ensure the company has a secure email portal. If you’re sending personal documents to SCU, speak with an SCU representative and they’ll help you get set up with our secure email portal.
- Only access your online banking from our website or mobile app. Do not use links in an email.
- Check for secure, legitimate links by hovering over them and make sure you understand where the link is going, versus where the email says it’s going. If you’re unsure, do not click the link.
- Don’t click links within emails or provide information in exchange for a “gift,” as these often link to unsecured or spoofed sites that look real but are not.
- Don’t allow the sender to rush you into a decision when you receive an “urgent” email. Fraudsters will create a sense of urgency to make you act before you think. Be suspicious of anything (an email or phone call) that attempts to panic you into making a hasty decision.
- Call the sender directly to confirm the authenticity of the information.
Here are tips to help you protect your mobile devices:
- Enable password protection: A reasonably complex six-digit password will protect your phone from the average criminal if it’s lost or stolen. For convenience, most devices also offer biometric identification such as fingerprint or face ID. Remember to set your phone to lock automatically when you aren’t using it.
- Don’t connect to public Wi-Fi hotspots and turn off Bluetooth in public places. Never accept files from an unknown device. Someone else could access your private login details while you’re connected through Wi-Fi. Instead, use your mobile data network, which has built-in security.
- Be aware of smishing attacks, which are misleading text messages designed to trick you into clicking on a malicious link or downloading an attachment from a number you don’t know.
- Make sure you have remote access: Most smartphones allow users to remotely track a device location, lock the device, erase the data, and retrieve a backup if it’s lost or stolen.
- Use discretion when downloading apps: Only download apps from the App Store or Google Play. Even apps that seem innocent can have software designed to steal personal data, make fraudulent charges, or even hijack your phone. Be sure to also manage the apps your children can download on your device.
- Keep your device and apps up to date: Update your apps regularly and set your devices to automatically update so they can receive security patches to keep them protected. Consider replacing devices once they no longer receive software updates.
- Set up a PIN for account changes: If you haven’t already, call your service provider and set up a PIN that must be entered before making any changes to your phone plan. This adds an extra layer of security and helps make sure only you have access to your account.
- Avoid making purchases and banking transactions — or any communication that conveys a password, account number, or credit card number — unless you are certain that you are on a secure site and connection (i.e., https://).
- When shopping online, check out the website before entering your credit card number or other personal information.
- Learn how to tell when a website is secure. Look for "https" in the address bar or an unbroken padlock icon at the bottom of the browser window. These are signs that the information you transmit is encrypted (or scrambled), protecting it from hackers as it moves across the internet.
- Update your browser with the latest version. Updated browsers have built-in protection against fake sites and viruses. These updates can eliminate software flaws that allow hackers to view your activity or steal information.
- Get the latest anti-virus or security system software (firewalls) to protect you against online hazards. There are some operating systems that have built-in firewalls that may be shipped in the "off" mode. Confirm that your firewalls are switched “on” and keep all software updated.
- Don't use USBs or other external devices unless you own them.
- To avoid infection by malware and viruses, ensure that all external devices either belong to you or come from a reliable source.
®Apple, iPhone, and Apple Watch are trademarks of Apple Inc., registered in the U.S. and other countries.
Interac e-Transfer® is a registered trademark and the Interac logo is a trademark of Interac Corp. Used under licence.
©2022 Google LLC All rights reserved.