Phishing and Vishing Scams

Phishing Scams

Phishing is a scam in which criminals create forgeries of emails and websites. These criminals will request an individual’s personal information by asking a customer to update or validate their account information through the forged e-mail. These e-mails may look authentic and contain the company’s logos and branding.  These emails and websites are designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social insurance numbers, etc. by hijacking the trusted brands of well-known financial institutions, online retailers and credit card companies. 

Phishers are able to convince up to 5% of recipients to respond to them.

Prevent Phishing

  • Do not reply or click on a link in an e-mail that asks you to verify financial or personal information.
  • Contact the company in the e-mail using a telephone number or other form of communication to verify legitimacy of the e-mail request.
  • Review credit card and your financial account statements regularly and check for unauthorized charges.
  • Don’t follow links to your financial institution’s website if they are sent through e-mail messages. Type the address yourself.

e-Transfer Phishing Scam

An e-transfer phishing scam is currently circulating via mobile devices. You will receive a message stating for you to click on a link to retrieve a refund. THe message states: "INTERAC E-transfer: Your Mobility service was overcharged by 53.45$. Click here to refund your funds: http://refun38-payme19.com /."

Receive an Interac e-Transfer Notification You Weren't Expecting?

Exercise caution. If you receive a notification for an Interac e-Transfer that you weren’t expecting, contact the sender through a different communication channel to verify. If the notification comes from someone you don’t know, or you suspect it may be fraudulent, do not respond or click any links. Forward the email to phishing@interac.ca

For more information please visit: Interac - Security.

    Vishing Scams

    Vishing is a combination of “voice” and “phishing”. Vishing is when a consumer receives a recorded messages indicating their card or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number links the consumer to a fraudulent call center established by criminals looking to steal consumers’ personal information.

    Prevent Vishing
    • Be suspicious when receiving messages directing you to call and provide personal, confidential and account related information.
    • Do not provide any information – contact your financial institution or card company directly to verify the message.
    • Do not use contact information provided in the suspicious message.

     

      Protect Yourself - Use Safe Internet Practices

      If you feel uneasy about an email you've received or a website you've been accessing, follow 3 simple rules:

      1. Stop - Phishers typically include upsetting or exciting (but false) statements in their email messages with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before taking the time to think through what they are doing.  Resist the impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
      2. Look - Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of personal information such as account numbers, usernames or passwords, etc.
      3. Call - If the email or website claims to be from a legitimate company or financial institution, users should call or email that company directly and ask whether the email is really from that company. To be sure that they are contacting the real company, credit card holders can call the toll-free number on the back of their cards. Never call the number given in the email to confirm the validity of the content as it will lead to the criminals who sent the email and they will verify whatever was said. Obtain valid company phone numbers from trusted sources such as the phone book.

      Always question any attachments or links that arrive in email messages, but especially from sources that are suspicious. But remember that with phishing, it's likely one of these will arrive appearing it comes from someone or an organization that is trusted. If it's not expected, exercise caution and really think about whether it's a good idea to open that link or attachment.

      Take a moment to ensure there are none of the following indicators of phishing email:

      • Misspelled words
      • Improper use of the language
      • Poor grammar and punctuation
      • Slight differences in any URLs listed in the message from the legitimate URL
      • A return email address that is suspicious
      • A link that, when the mouse hovers over it, doesn't match where you expect it should
      • Formatting and layout mistakes

      While it isn't unheard of to receive an email with a typo now and then, it should still be questioned if there is a link and you are asked to click to update credentials or change any account details. Financial institutions will not do this, but will ask you to make necessary modifications to your information when you log in directly to your accounts. It is recommended that any time a link is received in email, you hand type the address into the browser so that it goes where you intend and doesn't get redirected to a malicious site.

      Diamond North Credit Union does not call or email you for your personal information.  Although to protect your privacy, you may be asked to update or verify personal information when you call us.

      For updates and recent fraud scams refer to the Canadian Anti-Fraud Centre.

       

      I WANT TO