What you'll find on this page:
The golden rules of fraud prevention
No one ever wakes up in the morning and thinks to themselves, “Today I’m going to become a victim of fraud.” We assume we know the warning signs and that we’ll recognize a scam when we see it. And yet every day, many of us do fall prey to fraudsters, because it’s easy to be caught off-guard. Keep these four tips in mind and you’ll be well on your way to protecting yourself from fraud.
Slow down: A common theme in many fraud attempts is the artificial urgency fraudsters employ to prevent you from thinking things through. Don’t listen to them. When presented with an enticing offer, stop and think about it.
Question everything: Who is this person who contacted you? Do you know them? Is their request unsolicited? Would you trust them to watch your wallet? Why did they approach you? What are the risks? Consider searching the Government of Canada's online resource, the "Canadian Anti-Fraud Centre" for information on current scams. Or, conduct a quick online search with the organization or individual's name - often times people will already have reported the suspicious activity and a record can easily be found.
- Get a second opinion: If you’re being asked to do something (wiring someone money, for example) and you feel uneasy about it, bounce the idea off of a trusted friend, a colleague, or someone at the credit union and run the proposal past them. Do they think it’s a good idea, too?
- There’s no such thing as a free lunch: Many scams play on the appeal of quick, easy money. It’s easy to get blinded by the dollar signs. Don’t let that distract you from making a reasonable, informed, and cautious decision. Listen to your gut. If something sounds too good to be true, it probably is.
Browse the internet safely
Hackers are getting more sophisticated today, so it is vital to remember some basic safety principles when browsing the internet.
- Look for a "lock" icon at the bottom of your browser and make sure "https" appears in front of the Web address before submitting any personal or financial information through a web site. These visual clues tell you the information you are sending is secure.
- Verify links before clicking on them by hovering your mouse over the link and carefully checking that it's the website that you expect. The difference may be as simple as a .net address versus a .com address, or a slight difference in spelling, so pay close attention.
- Be skeptical of emails, messages, or websites containing misspelled common words; grammar errors that make it difficult to understand or misuse common expressions.
- Google Ads show the destination website address near the ad headline. Confirm this link is what you expect before clicking, and if unsure, don't click the link.
- When possible, go to the source directly, and type in the company website yourself to verify and use the information from the website
- Keep your anti-virus software updated on all your devices.
Here are four ways to keep your internet browsing secure.
Learn about software that can help protect your computer from malware.
Create safer passwords
In today’s digital world, we use passwords for almost everything, from online banking to online shopping, and more. This makes the use of strong passwords an essential piece of the puzzle in protecting yourself from fraud. Here are a few tips to create better passwords.
Unique passwords matter. Create a unique, secure password for every site that needs one. That way if one site is compromised, your other logins will remain secure. It may take more thought, but the extra security is worth it.
Don’t use the auto-save function on your browser or device for usernames and passwords. Saving your credentials may seem easier, but if your phone or computer should get into the wrong hands, entry to your account is automatic. Also consider using a PIN for your computer or biometric authentication to access your phone as an added layer of security.
Tips for creating safer passwords
The more challenging the password, the harder it is for people or programs to figure out.
Use short phrases or partial sentences. Simple words (those that can be found in a dictionary) are easy for programs to crack. Instead, choose short phrases or sentences that offer a higher level of security.
Replacing letters with special characters. Replacing letters with special characters adds a new level of security to your password. If you are consistent with this method, it might help you remember your strong passwords across multiple sites. (For instance, always replacing the letter “a” with the @ symbol.)
Here’s an example of how to create a secure password.
- Start with a simple phrase: The rain in Spain
- Capitalize the first word and remove spaces: TheRainInSpain
- Change each “a” to @ and each “i” to 1: TheR@1n1nSp@1n
Remembering your passwords
Generally, you have two secure options to store your passwords: pen and paper; and password manager programs. If you do write them down, we recommend you not save passwords on your computer.
A good password manager will not only save you the effort of remembering dozens of different logins for all your online accounts, it will also help keep them secure by generating strong passwords that are impossible to guess, and storing them all safely in an encrypted vault. There are many password manager products on the market. Do your research and read the reviews and ratings to determine which program is the best for your needs. Consumer reports often rank the top products. Here are some examples of password manager apps that you can explore: Keepass, LastPass, 1Password, Bitwarden, Dashlane, Keeper and TrueKey.
Using safer account security questions
When you set up an account, you provide information to be included in your account profile, including selecting security questions that become part of the process of authentication the next time you log in. Like reusing passwords, selecting security questions from a drop-down menu that may be easy for others to guess is not safe. Security questions such as in what city were you born, or what high school did you go to, can be easily researched, and used to access your account. Keep in mind that if you live now, or were raised in a smaller community, some questions might be easier to figure out. Here are some tips to keep in mind:
- Use a different email address for your password recovery than you used as your registered address when you set up your account.
- Use SMS (or text messaging) to receive authentication codes as your phone’s operating system is not connected with your computer.
- When setting up new accounts, select security questions that aren’t public knowledge, or information that’s has been posted online.
Keep your digital banking safe
Online banking security is the responsibility of everyone who uses the system. We invest considerable time and money in fraud detection systems, but online banking requires vigilance on everyone’s part in order to be effective. It’s better to prevent theft than to try to recover losses later.
Here are a few things to avoid in order to protect your online banking
- NEVER log in to online banking over public Wi-Fi. This is like letting hackers “look over your shoulder” as you do your banking.
- NEVER provide personal information over the phone.
- NEVER click on attachments or links in suspicious emails or text messages. This is a very common method for hackers to gain access to your private information.
- NEVER click on an Interac e-Transfer† that you weren’t expecting. Make sure you verify the suspicious Interac e-Transfer with the sender personally before clicking.
- NEVER tell anyone your password or PIN. We will never ask you to provide us with your passwords or PINs.
Here are a few things you should ALWAYS do with your online banking
- Be wary of suspicious messages through email, text, social media, letters, and online ads that ask you to reveal private information or ask you to click through to online banking.
- Type your online banking address directly into your browser instead of clicking on a link. When online banking, always use the log out/sign out feature AND close your browser window when you’re done.
- Choose unique and secure passwords for any site that requires you to create one. Read more about how to create safe passwords.
- Keep your operating system up-to-date. Use anti-virus and anti-malware software and download the latest security patches when they become available.
- Use account and security alerts as an added layer of security. By setting up account and security alerts, you’ll receive a text or email when important changes have been made to your account.
- Review your account statements regularly to check for unexpected transactions or irregular activities.
Prevent email fraud
Often fraud starts with a simple action. If you receive an email from someone you don’t know who is offering you a gift or prize, or is seeking information, you should delete the email. Fraudsters are waiting for you to act, and by not responding you are keeping your information, privacy, and money safe. Here are ways to prevent email fraud:
- Do not provide account or personal details through an unsecured email program. If you need to send sensitive documents through email to us, speak with an SCU representative and they’ll help you get set up with our secure email portal.
- Only access your online banking from our website or mobile app. Do not use links in an email.
- Check for secure, legitimate links by hovering over them and make sure you understand where the link is going, versus where the email says it’s going. If you’re unsure, do not click the link.
- Always type the website address directly into your browser so you can confirm that it is safe.
- Do not respond to unsolicited emails claiming account closures or requiring immediate action.
- Don’t click links within emails or provide information in exchange for a “gift,” as these often link to unsecured or spoofed sites that look real but are not.
- Call the sender directly to confirm the authenticity of the information.
- Don’t be rushed into a decision when you receive an “urgent” email. Fraudsters will create a sense of urgency to make you act before you think. Be suspicious of anything (an email or phone call) that attempts to panic you into making an unsafe decision.
Protect your mobile device
As you use your smartphone or tablet to bank and shop online, it’s important to keep your personal information secure. Here are some tips to help you protect your mobile devices.
Enable password protection: A reasonably complex six-digit password will protect your phone from the average criminal if it’s lost or stolen. For convenience, most devices also offer biometric identification such as fingerprint or face ID. Remember to set your phone to lock automatically when you aren’t using it.
Don’t connect to public Wi-Fi hotspots and turn off Bluetooth: Don’t connect to unknown sources, turn on Bluetooth in public spaces, or accept files from unknown devices. Someone else could access your private login details while you are connected. Instead, use your mobile data network, which has built-in security.
SMS Phishing (or Smishing): Phishing attacks, which are misleading emails or text messages designed to trick you into clicking on a malicious link, account for more than 80% of reported security incidents. Never download attachments or click on text links that come from people or phone numbers you don’t recognize.
Make sure you have remote access: Most smartphones allow users to remotely track a device location, lock the device, erase the data, and retrieve a backup if it’s lost or stolen. If you lose your device or change your number, remove the old number from your mobile banking profile and call us immediately at 1.800.728.6440.
Use discretion when downloading apps: Only download apps from the App Store or Google Play. Even apps that seem innocent can have software designed to steal personal data, make fraudulent charges, or even hijack your phone. Be sure to also manage the apps your children can download on your device.
Keep your device and apps up to date: Updated your apps regularly and set your devices to automatically update so they can receive security patches to keep them protected. Consider replacing devices once they no longer receive software updates.
Online shopping: Avoid making purchases and banking transactions — or any communication that conveys a password, account number, or credit card number — unless you are certain that you are on a secure site and connection (i.e. https://).
Set up a PIN for account changes: If you haven’t already, call your service provider and set up a PIN that must be used before making any changes to your phone plan. This adds an extra layer of security and helps make sure only you have access to your account.
Content provided by CUMIS Risk Solutions Group.
Helpful terms you should know
Fraud can take many forms – but in each case, the fraudster is trying to get you to disclose or inadvertently share sensitive information such as passwords, credit card number, or bank account information. As you learn about fraud, here are some of the most common terms you may hear.
- Spoofing: Used to describe when a fraudulent site impersonates or “spoofs” legitimate business’s websites, tricking unsuspecting people into divulging personal information.
- Phishing: This occurs when contact is made through an unsolicited email that claims to be legitimate. Often the email requests that you verify information either through an email or via a web link.
- Smishing is the same as phishing, but refers to fraudulent text messages.
- Vishing: Many of us are exposed to vishing every day when the phone rings, as vishing is phishing by voice, using the phone to manipulate people into providing information. Often the bait is a free offer, prize or vacation that you've won. But to collect your freebie, you must first send information or money.
- Search engine phishing: Occurs when a website is created that offers cheap products or amazing deals to get it indexed by legitimate search engines appearing in the top of search engine result.
- Angler Phishing: Social media offers many ways for criminals to trick people. Fake URLs, cloned websites, posts, and tweets can all be used to persuade people to divulge sensitive information or download malware. Scammers can also create fake online customer support personas to try and persuade you to commit the requested action.
- Online advertising fraud has been relatively easy and lucrative for fraudsters, difficult for online ad platforms to control, and a financial burden for victims and legitimate advertisers.
Protect yourself from email and text-based fraud.