FAQ – Fraud and identity theft – Phishing

Lower RRIF minimum withdrawals

If you want to know more about the government’s announcement to lower RRIF minimum withdrawals, speak to your caisse advisor or go to the Government of Canada website - External link. This link will open in a new window..

If you receive a suspicious email or text message:

  1. Don't click any links, texts or images.
  2. Don't open any attachments or activate any document macros.
  3. Don't download or authorize any images.
  4. Don't reply to the sender. It only confirms that your email is valid.
  5. Forward the email or text message to protection@desjardins.com - This link will open your default email management software.. You will receive an automated reply.
  6. Delete the email or text message.

If you have provided any confidential information:

  • Change your password for the site immediately.
    • Just clicking the link in a fraudulent email or text message could infect your computer with a virus or malicious software that could give fraud artists access to all of your new passwords. Before changing your password, make sure your computer doesn't have any viruses or use a different computer.
  • Follow the same procedure for all of your confidential passwords.

If you have provided confidential information:

  • Contact Desjardins Card Services Security Group so they can investigate.
    • Montreal area: 514-397-8649
    • Elsewhere in Canada and the U.S.: 1-866-335-0338
    • Other countries: 514-397-4610 (call collect)

We also recommend that you contact credit agencies such as Equifax (1-800-465-7166 or 514-493-2314) and TransUnion (1-877-713-3393 or 514-335-0374), so they can add a note to your file alerting credit grantors that you may have been the victim of fraudulent activity.

Test your web security knowledge and behaviour - External link. This link will open in a new window.

To learn more, see 3 telltale signs of a phishing email - This link will open in a new window..

Phishing is a fraudulent ploy that scam artists use when they send mass emails or text messages that look like they're from a financial institution or legitimate company.

The emails and text messages are used by ill-intentioned people to steal your personal information or install malicious software on your computer, prompting you to click links or open attachments.

This kind of attack can cause serious damage: you could lose your data and the thieves could steal your personal information to commit further fraud.

Protect yourself by being vigilant and recognizing phishing attempts. A phishing email can take many forms but one common feature is that it's always unsolicited.

What to do if you receive a fraudulent email or text message?

What to do if you've clicked a link or opened an attachment in an email or text message?

Desjardins may have contacted you by email for various reasons: promotion of various products, client satisfaction survey, etc. However, Desjardins never sends unsolicited emails or text messages that prompt you to:

  • reveal confidential information like your debit card number, PIN, birthdate, driver's license number, social insurance number or password.
  • go to a website where you have to log in with your username and password (e.g., AccèsD) or enter confidential information.

We recommend that you take the time to read the email before doing anything else. To learn more about how to recognize a phishing email, see 3 telltale signs of a phishing email - This link will open in a new window..

Desjardins has implemented 24-hour active surveillance to ensure a quick reaction if fraudulent email is detected.

In addition, Desjardins scrutinizes each email and text message you submit if you believe it may be fraudulent, and works with authorities and Internet service providers to close down phishing sites.

To learn more about how to recognize a phishing email or text message, see 3 telltale signs of a phishing email - This link will open in a new window..

Scammers may have obtained your email address from a variety of sources.

  1. They may have used a spam mailing list on which your address is listed with or without your consent. (These lists are sometimes created from online contest entries. Always be sure to check out the legitimacy of a company before you enter their online contest.)
  2. They may have obtained your address via spyware installed without your knowledge on your PC. (Make sure your computer is protected against spyware.)
  3. They may have created hundreds of thousands of email addresses randomly by combining first and last names and known domain names, one of which happens to be your personal email address

Once scam artists find an email address that works, they may be tempted to send emails to that address over and over again.

Though phishing is generally associated with email, some computer criminals use the phone as well. In this case, pirates call victims on the phone and pose as a financial institution employee, an investigator or a police officer.

To learn more about how to recognize a phishing email, see 3 telltale signs of a phishing email.

In order for attempted phishing to be successful, scammers have to create a phony website on the Web.

If you use a recognized search engine, you may come across phony Desjardins websites in your search results.

Desjardins always takes immediate action to shut down these fraudulent sites but sometimes, a few minutes or a few hours may go by before the appropriate authorities and ISP providers can act.

Never go to a Desjardins site via a search engine. Always type www.desjardins.com in your address bar and click Log in.

If you think you may have provided personal information, see I clicked a link or opened an attachment in a fraudulent email or text message. What do I do?

To learn more about how to recognize a phishing email, see 3 telltale signs of a phishing email.

No, your account and the AccèsD banking website do not have an end date and cannot expire. Only you can decide to close your account or stop using online banking.

There are easy things you can do to avoid falling victim to a phishing scam. Before you click links or open attachments:

  1. Were you expecting the email or text message?
  2. Pay attention to the type of situation that would try to incite a reaction from you:
    • Urgency
      The goal is to try to get you to do something quickly, without thinking about it first by stressing some kind of urgency.
    • Profit
      The goal is to get you to believe you received some unsolicited benefit or financial gain. Scam artists use profit to try to get you to reveal personal information.
    • Problem
      The goal is to alert you to a problem in your account, prompting you to reveal personal information in order to solve the issue.
  3. Check that the sender's email address is familiar and legitimate, particularly the part after the @. Is it a personal or company address?
  4. Move your cursor over the link (but don't click) to check that the address is legitimate and belongs to the company that sent it (watch for similar addresses).
  5. Assess the email or text message's relevance and plausibility. Be aware! Ask yourself if you've really entered that contest. Are you expecting a parcel? Is the procedure normal? Is it too good to be true?
  6. Don't open attachments if you don't know who sent them.
  7. Never answer an email that asks for personal information, no matter wo sent it.
  8. Never provide confidential information that can be used to authenticate your identity by email or text message (e.g., social insurance number, credit card number, birthdate, password, etc.).
  9. Never share your password with anyone, with Desjardins employees or with police representatives. Real employees and police officials know that they have no right to ask you for this information.
  10. Curb your curiosity and be wary of recognized logos and visual identities that are easily copied and can look like a real email, text message or website.
  11. Always use your browser to go to www.desjardins.com.
  12. Look for a closed padlock in your browser's status bar, ensuring you are in a secured online environment. Also make sure the address displayed has an "s" in "https". You should also be able to view the site's digital certificates by double-clicking on the little closed padlock in your browser's status bar.

Also ensure your personal computer is adequately protected.

  • Install all of your software's security updates.
  • Install a version of anti-virus software that includes automatic updates.
  • Install anti-spyware software.
  • Install anti-spam software.

To learn more, go to the Security centre.

If you provided information about your identity, such as your date of birth, social insurance number or driver’s licence number, the scam artist could try to steal your identity and use the information to get a credit card, loan or line of credit at another financial institution.

Learn more about identity theft.

Not at all. Phishing is being practiced increasingly throughout the world and principally at financial institutions.

To learn more, go to Security centre.

See all questions

Can't find the answer to your question?

AccèsD Internet users

Write to us through your secure AccèsD message box


Write to us for general inquiries