Fraud prevention starts with knowledge.
Learn what fraud looks like, how you can protect yourself & what we do to help keep you safe. Take control of your security by educating yourself, so you can spot it before it happens. We'll do our part to make sure you're protected when you bank with us. Together, we can stay safe from fraud.
How we protect you
We use the best security currently available in a commercial environment so that your personal and financial information is protected.
Encryption ensures that information cannot be read in transit or changed. Some browsers create a more secure channel than others, owing to the ‘strength’ of their encryption. We use only the strongest channel available - referred to as 128-bit SSL (Secure Socket Layer). Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.
Personal Access Codes
We ensure that only individuals who provide an authentic Personal Access Code (PAC) can access your account information. After 20 minutes of inactivity your online banking session will end and you’ll be required to login again, however personal information may remain visible after that time. To ensure your information remains private you should always logout of online banking to end your session.
For more information on specific policies & practices we use to safeguard your personal and financial information see our Privacy Statement.
A little know-how goes a long way. Here are a couple quick tips & common scam examples so you can help keep your assets safe and make sure your banking is secure.
Protect & Change Your Personal Access Code (PAC)
You must protect your online security the same way you protect your home and possessions. Your PAC ensures that only you can access your accounts. It’s your responsibility to ensure that your ‘key’ to online banking is protected.
How to protect yourself
- Select a PAC that is easy for you to remember but difficult for others to guess
- Do not select a part of your PIN (your ATM ‘key’) or another password
- Keep your PAC confidential and do not share it with anyone
- Do not write your PAC down or store it in a file on your computer
- Never disclose your PAC in a voice or email, and do not disclose it over the phone
- Ensure no one observes you typing in your PAC.Change your PAC on a regular basis. We suggest every 90–120 days
How to change your PAC
- Log in to online banking
- Click on ‘Profile and Preferences’ on the left hand navigation
- Select ‘Change Personal Access Code’
- Enter your existing PAC, then enter your new PAC twice
- Select ‘Submit’
You should receive a confirmation pop-up that your PAC has been successfully changed.
Electronic identity theft can occur when you respond to a fraudulent email that asks for your personal banking information. Once received, fraudsters may be able to access your accounts or establish credit, pay for items, or borrow money using your name.
How to protect yourself
- Know that we will never ask for your personal passwords, personal information numbers or login information in an email. Legitimate financial institutions do not include links to their web sites in email communications to customers
- Look for ‘https’ in the address of secure pages that require you to enter personal account information
- Look for the padlock found in the lower right corner of your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details
- Type in our web address yourself to ensure you are transacting with our server
- Don’t click or open an attachment if you don’t know the email sender.If you receive a suspicious email or attachment from an email sender you know, send a new email to the individual to verify they sent it before opening
- Do not send or respond to an email where the listed email address redirects you to a different email address when replying
- Add Direct Banking Alerts to receive account activity notifications. Choose which events you wish to be notified about via text, email or both
- Be aware of “sweetheart scams” where a stranger reaches out with a claim of romantic interest, and then eventually asks for your money or financial information
- If you receive a phone call or text claiming to be from your credit union and asking for personal or financial information, call your credit union directly to verify the request before providing any info
- Be on the lookout for fake charity scams, which ramp up after catastrophes and during the holidays; verify the legitimacy of a charity before contributing to any donation requests from an unknown source
Computer & Smartphone Safety
We have provided a secure channel for our members to communicate with us. Once the information has reached your computer, it's up to you to protect it.
How to protect your computer
- Use a firewall - This is software designed to create a barrier between your information and the rest of the world. Make sure the firewall is enabled before you go online
- Install anti-virus software and anti-spyware and keep it up-to-dateIgnore spam emails or messages, beware of email messages from unknown parties, and never click on links or open attachments that accompany them
- Keep your operating systems, apps, and browser up to date. Most updates include security fixes that prevent hackers from accessing your personal informationUse complex passwords. The more secure your passwords are, the harder it is for a hacker to invade your system
Signs your computer has been compromised
- Your computer is running slower - it takes a long time to turn on or open up applications
- Your webcam or microphone turns on by itself, or your cursor moves by itself
- You start seeing more pop-up apps or plug-ins you don’t remember installing
- You get a warning. If an anti-virus warning pops up, don’t ignore it or assume it’s deleted the virus
- Your computer homepage looks different or has changed
How to protect your smartphone
- Turn off Bluetooth. Keeping your Bluetooth on but dormant opens another back door for computer hackers
- Don’t use unsecured public Wi-Fi. Password-free, widely used Wi-Fi networks have no security features and are prime targets for computer hackers
- Get a security app and install it on your phone, just like you should for a computer
- Clear your browsing history, and this will stop hackers from getting too much of your information if they can access your phone
- Opt for a randomly generated six-number passcode
Signs your smartphone has been compromised
- Your phone isn’t functioning probably and your receiving mysterious alerts and text
- Your battery drains fast, and your phone feels hot. Phone spyware is running all the time, so it uses a lot of power and drains your battery in the process
- Your friends are receiving calls or text messages from you, and you didn’t send them
- New apps are appearing on your screen
- You notice unusual activity with your accounts, watch for messages about password resets you didn’t make, or security messages notifying you that your email or social media accounts have been accessed using a new device
Public Computer Safety
You should be extra vigilant when using publicly available computers. Even if you adopt these tips to protect your information, bear in mind that even benign programs, like popular desktop search programs, can pose a security risk.
How to protect yourself
- Adjust the search program preferences so it does not store secure pages you wish to view
- Remove the stored items via the Google Desktop results page by clicking on the 'Remove item's link
- Ensure a safe and secure Internet session, only visit reputable sites
- Contact us immediately if you suspect someone has gained knowledge of your PAC/PIN, or if you suspect any loss, theft or unauthorized use of your account
Scam Prevention Tips
Scammers can target anyone. Protect yourself or your business from scams and fraud. Remember, if it seems too good to be true, it is.
How to protect yourself
- When making purchases always use your chip card when shopping in-store
- Check your financial accounts regularly to confirm you recognize all listed transactions and to ensure that all transactions are legitimate
- Create unique, complex passwords for all of your secure accounts
- Sign up for additional account verification and protection methods whenever offered (e.g. a security question or unique login code via phone/text/email)
- Purchase gift cards in store to avoid empty gift card scams
- Sign up for text/email/phone notifications through your credit union to receive immediate transaction alerts.
- Immediately contact your credit union to report suspicious card activity; if given the option, turn your card off immediately
- Be careful when downloading unfamiliar retailer/shopping apps, as fake apps are created to steal your information, especially during the holidays
What To Do If You've Been Scammed
- Change your passwords to your computer, Financial Institutions, and other password-protected websites that you visit
- Run a full system scan on your computer, or take your computer to a professional to have it scanned and virus protection software installed
- Call your Financial Institution to review your account and change any necessary passwords
- File a case with the Canadian Anti-Fraud Centre and contact the local RCMP
An intercepted e-transfer occurs when a fraudster intercepts a legitimate e-transfer and deposits the funds into a different account before the intended recipient has a chance to accept and deposit.
- You receive an email from the recipient stating they are having trouble accepting the e-Transfer
- You are asked to change the security question or provide the answer again via email
- You are asked to change the email recipient address and resend
- You receive an email from the recipient to change or confirm the password or they provide you with a password to use
How to protect yourself
- Do not communicate the e-transfer security answer via email (or in the e-transfer security question memo section)
- Choose a security question that is not easy to guess
- Call or text the recipient if they cannot accept the e-Transfer to verify
- Enroll for Autodeposit. When you are registered for this feature, e-Transfers are automatically deposited to your account
- Ensure the recipient’s contact details are correct
- Contact us immediately if you sense something suspicious
Phishing & Smishing Scams
Phishing is an unsolicited email that claims to be legitimate. You will be asked to verify, by email or clicking on a web link, personal or financial information, such as your credit card number passwords and social insurance number. Smishing is the same thing via text.
- The message is urgent and uses threatening language
- The message requests sensitive information
- The senders email address is incorrect and does not match the organizations information
- Suspicious attachments included in the email
- Unprofessional design, look for incorrect or blurry logos, or company emails with little, poor, or no formatting
How to protect yourself
- Be vigilant – a reputable company or organization will never ask for personal information by email or text
- Verify contacts - Hover over the ‘from’ email address and you will see the actual email address
- Ignore and delete emails from unknown contacts as they can carry viruses
- Be skeptical – fake emails can look like they came from a real organization. If you have any doubts, don’t use the toll-free number, email address, or website address provided because they may link you to the scammer - Always use the contact information listed on the organizations's verified website
- Never click on suspicious links or attachments. Phishing emails often include embedded links/attachments that look valid. Hover over the link and to see the real hyperlink to check if it’s accurate before clicking
- Protect your devices – Install anti-spam, anti-spyware and anti-virus software on your home computer and make sure it’s kept up to date
- If you receive a phishing email – report and delete it. Authorities may be able to warn others and alert the media to minimize the scam spreading. You should also warn your friends and family
If you’re selling an item and the buyer pays you, by cheque, far more than the asking price “by accident” and asks you to return the money, you’re likely a target of an overpayment scam.
- The email to purchase the merchandise has bad grammar or looks generic
- You are being pressured or rushed to complete the transaction
- The fraudster has no issue adding extra funds for shipping or they made a mistake and overpaid you
- They do not live near you and want to purchase the item without even seeing it
How to protect yourself
- Immediately end a transaction with anyone who overpays you
- Cancel any order requesting a portion of the payment to be refunded
- Never send money to get moneyWait for the cheque to clear before sending any merchandise in the mail
- Only accept cash, certified cheque, or e-transfer as payment
- Question anything that makes you feel suspicious – especially if it seems too good to be true
- Sell locally if possible. Ask questions if the buyer is not local or wants to pay extra for shipping
- Meet in a public, safe place to complete an exchange
Cryptocurrency Investment Scams
Cryptocurrency has gained popularity and so have the investment scams. Fraudsters have found a new avenue to take people’s money. If someone has contacted you promoting a get-rich-quick investment, or your return on funds appears to be too good to be true – do your research before sending any money!
Did you know that from January 1st to August 31st of 2021 – the Better Business Bureau (BBB) reported receiving 148 million inquires. In addition, in 2020, the BBB listed cryptocurrency scams as the #4 in the Top 10 Riskiest Scams list across Canada, with victims losing an average of $3617.
To help protect you, securities industry professionals must register with provincial and territorial securities regulators where they do business. Their registration and good standing help reassure investors (like you!) that the firms and individuals they deal with are properly qualified.
- It’s difficult to find what you will be paying
- If the exchange won’t take PayPal or a credit card
- Fake mobile apps - Are there obvious misspellings in the copy or even the name of the app? Does the branding look inauthentic with strange coloring or an incorrect logo? Take note and reconsider downloading
- Offers that come from Twitter or Facebook, especially if there seems to be an impossible result
- Fake testimonials and cryptocurrency jargon to appear credible. Promises of enormous, guaranteed returns are most likely scams
- If a caller, love interest, organization or anyone else insists on dealing in cryptocurrency
How to protect yourself
- Do you research - Join the cryptocurrency community and start talking to people on forums and news sites
- Find out what exchanges people use and which ones to stay away from
- Look for clear information on fees and the operation in general
- Look for a place that requires users to verify their identity multiple times and performs regular updates to platforms to fix security vulnerabilities & a refund policy if cryptocurrency gets stolen
- invest in more established cryptocurrencies with large followings and proven track records that are too big to be manipulated, like Bitcoin
- Don’t invest in a company that has difficulty explaining their business plan, has no history or reputation in the cryptocurrency community and no paperwork to back up their claims
- If you get sent a suspicious link don’t click it. Take a breath, slow down and wait. Carefully type the exact URL into your browser. Double check it
In an emergency scam, also known as a grandparent scam, fraudsters prey on older relatives, such as grandparents, aunts, uncles, or even aging parents, and claim to be a family member (often a grandchild) or someone representing the family member like a doctor, lawyer or policeman. They say they're in trouble and need money ASAP to pay medical bills or to be bailed out of jail. They might even claim to have abducted a family member and will harm them unless the grandparent(s) takes action immediately. Whatever the reason behind the scam, the fraudster manipulates victims by creating a sense of urgency and panic. However, once payment is made, the grandparent(s) never hear about the issue again and is out hundreds, or even thousands, of dollars.
- The fraudster gives urgent ultimatums, such as if the person doesn’t act immediately, something bad will happen
- Money is being asked for to cover expense that are not normal or haven’t been discussed previous in person (the expenses are out of character for the loved one)
- The instructions are for non-traceable or suspect payment methods, including wire transfers, cash in small bills, or gift cards
- Calls come in late at night and install confusion and fear
- Callers demand secrecy, and do not want other relatives or authorities alerted
How to protect yourself & your loved ones
- Stop, think, and avoid acting immediately! Before you do anything, reach out to the loved one via a trusted contact method, like their cell phone, home, or work number. Visit them at their home if you can, to verify their request in person. In most cases – including legal and medical scenarios – no one needs money at the immediate moment; and they definitely don’t need payments made with gift cards, or small cash bills
- Make sure all social media settings are on private and can only be seen by people you know. Be careful what you post
- Ask obscure questions that someone outside your family won't know the answer to, such as what was their first pet? What was it's name?
- Hang up and call back on a trusted number that belongs to the person who claimed to call you, even if the fraudster tells you not to!
- Trust your gut! If something isn't sitting well with you, don't ignore those feelings.If someone calls you claiming to be a police officer, hang up, and call the local authorities
- Talk about this scam and other scams out there - The more someone knows about this and other scams, the less likely they will fall for them
- Make a plan with what should be done if they receive a call. If there is a action plan in place, your loved one will know what to do and not panic
- Help your loved ones contact the local RCMP and the Canadian Anti-Fraud Centre to report the fraud
Tech Support Scam
Tech support scammers want you to believe you have a serious problem with your computer, like a virus. Ultimately, they want you to pay for a service you don't need, to fix a problem that you don't have. The scammer will ask for payment by wiring money, purchasing gift cards, prepaid cards, or e-transfer. They use these methods because they know those types of payments are hard to reverse.
Tech support scammers use many different tactics to trick people. Spotting these tactics will help avoid falling for the scam.
- Phone calls – You receive a call from a 'computer technician' at a well–known company. They say they've detected a problem with your computer, and to fix it, they need to remote access your computer
- callers state that it's urgent. If you don't allow them to access your computer, you are at risk of losing everything. Your private information will be stolen, including your banking information and social insurance number
- Pop-up warnings – A window appears on your computer screen, and it looks like an error message from your operating system or anti-virus software. It might even use logos from trusted companies or websites. Messages warn of a security issue and tell you to call a phone number to get help. Do NOT call the number; it is a direct call to the scammer, not a legitimate software or technology company
- Incorrect Search Engine Results– Scammers will try to have their websites show up in online search results for tech support. They might also run ads online
How to protect yourself
- Remember real security warnings and messages will never ask you to call a phone number
- Always research companies you find online to see if they are legit
- The best way to avoid falling victim to a tech support scam is to be wary and to protect your computer at all times
- Hang up if you receive a call from a 'computer technician': remember most genuine software companies won't call to tell you that your computer is compromised
- Keep your information secure: don't share your login information (any usernames or passwords) or computer information (IP address) with anyone
- Protect your computer: a variety of products are available to protect your computer, from anti-viruses to anti-malware, to firewalls. When kept up to date, they can reject malicious programs, such as scareware (programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software) from getting onto your computer
- Update your web browser and operating system: They both have integrated defense systems that are updated regularly to keep pace with the latest virus and other malware
Identity theft happens when someone obtains your personal information and uses it to open accounts, apply for credit, or take out loans or mortgages in your name or even withdraw funds from your bank account.
Your credit can be affected before you even realize it! Fraudsters can also obtain fake passports and other government benefits in your name just by using your personal information. They may even sell your information to other criminals. What does personal information include? Driver’s license, date of birth, health card number, social insurance, credit number (including your PIN). Any information that identifies you as you! Never take the security of your personal data for granted
- You are no longer receiving your bills in the mail
- You see transactions you did not make on your credit card or bank statement
- You are declined for loans or credit even though you have a good credit score/you are approved for a loan or credit card with a higher interest rate
How to protect yourself
- Shred all documents containing personal information such as old statements and bills
- Avoid public computers or Wi-Fi to access personal information or accounts. These are not secure and can put you at risk
- Create strong and unique passwords for each and every online account. Passwords protect your devices and home Wi-Fi network
- Be aware of suspicious looking emails and text messages. Fraudsters will create emails and websites that look similar to your bank, credit card company, or mortgage lender
- Be social media savvy and don’t overshare. Use privacy controls on social media sites
- Avoid giving out any personal information over the phone, text message, email or the internetUse a secure and reputable payment service when buying online. Use URL starting with’ https’ and a closed padlock symbol
- Review your bank and credit card statements monthlyLimit the number of credit cards you carry in your wallet. This will minimize the impact if your wallet is stolen
- Remember neither CRA or your financial institution will ask you to provide personal information by email or over the phone
If you are a victim of identity theft:
- Notify your financial institution and the local police
- Contact the CRA at 1-800-959-8281 & Canadian Anti-Fraud Centre
- Report the theft to a credit reporting agency such as Equifax or TransUnion
- Keep records of recent purchases, payments, and financial transactions
- Call 1-800-O-CANADA (1-800-622-6232) for information on where and how to replace identity cards such as your health card, driver’s license, or SIN if necessary
To report a fraudulent communication, or if your identity was stolen as part of a scam, please contact the Royal Canadian Mounted Police’s Phonebusters by email at firstname.lastname@example.org or call 1-888-495-8501
Online Shopping & Auction Scams
Not all online vendors are reputable! The typical shopping scam starts with a bogus website, mobile app or social media ad. They offer popular items at a fraction of the usual cost & promise perks like free shipping and overnight delivery. If a discount sounds too good to be true, it probably is!
- Bargain-basement prices
- Shoddy website design or sloppy English
- Limited or suspicious contact options – for example, they only have fill-in contact form, or the customer-service email is a Yahoo or Gmail account, not a corporate one
- URLS with extraneous words or characters (most stores use only their brand name in web addresses) or unusual domains – for example; bargain, app or a foreign domain instead of .com or .net
How to protect yourself
- Buy from companies or individuals you know by reputation or from past experience
- Check reviews and beware of sites that don’t have any
- Read the refund & return policies carefully, including the fine print
- Use a credit card when shopping online, many offer protection and may give you a refund
- Do some research and Google the store name with the word ‘scam’ behind it and see what comes up
- Never make a deal outside the auction site
- Report! Scams can touch anyone, anywhere, at any time. If you or a family member have been contacted by a scammer, report it to Canadian Anti-Fraud Centre — even if you didn't give them any money
Romance scams cost Canadians more than $18.3 million in 2019, surpassing all other forms of fraud in terms or money lost according to the Canadian Anti-Fraud Centre. It is reported as the number 1 scam in Canada in terms of dollars lost.
Scammers will create fake online profiles to attract their victims. They might use a fictional name, or have steal the identity of real people. They will go to great lengths to gain their victims interest and trust.
- It seems too good to be true (it probably is)
- They paint a picture of an extravagant lifestyle or career
- They want to communicate personally through email or another message service and not on the originally site you met on
- You have to pay for each message you send/receive
- They want to rush the dating process and move the relationship along quickly
- They talk a lot about trust
- Their profile picture is a generic image
- They postpone meeting or video chat because they are traveling or live overseas
- They may make spelling, grammatical errors, or use phrases that don’t make sense
- Scammers may hint at financial troubles, they may share a ‘hard luck’ story from their past
- They ask for money! (The ultimate red flag)
How to protect yourself
- Never send money or give financial details on a dating site
- Trust your instincts!
- Ask questions, carefully read the terms and conditions before signing up for any online dating site
- Use legitimate and reputable dating sites
- Check websites addresses carefully! Scammers often mimic real web addresses
- Know which services are free, which cost money, and how to cancel your account
- Use their profile photo in a reverse image search to see where else it appears on the internet
- Always talk to a trusted loved one before you send money to people you have met online