FAQ – Fraud and identity theft – Phishing
Phishing involves sending fraudulent messages to a large audience. Spear phishing, on the other hand, targets a specific individual or group. Common targets are employees of large companies or government agencies. Fraud artists send them personalized messages to trick them into giving out sensitive information so they can hack into their employer's network.
If you receive a suspicious email or text message:
- Don't click any links, texts or images.
- Don't open any attachments or activate any document macros.
- Don't download or authorize any images.
- Don't reply to the sender. It only confirms that your email is valid.
If you have provided any confidential information:
- Change your password for the site immediately.
- Just clicking the link in a fraudulent email or text message could infect your computer with a virus or malicious software that could give fraud artists access to all of your new passwords. Before changing your password, make sure your computer doesn't have any viruses or use a different computer.
- Follow the same procedure for all of your confidential passwords.
If you have provided confidential information:
- Contact Desjardins Card Services Security Group so they can investigate.
- Montreal area: 514-397-8649
- Elsewhere in Canada and the U.S.: 1-866-335-0338
- Other countries: 514-397-4610 (call collect)
We also recommend that you contact credit agencies such as Equifax (1-800-465-7166 or 514-493-2314) and TransUnion (1-877-713-3393 or 514-335-0374), so they can add a note to your file alerting credit grantors that you may have been the victim of fraudulent activity.
To learn more, see 4 telltale signs of a phishing email - This link will open in a new window..
Phishing is a fraudulent ploy that scam artists use when they send mass emails or text messages that look like they're from a financial institution or legitimate company.
The emails and text messages are used by ill-intentioned people to steal your personal information or install malicious software on your computer, prompting you to click links or open attachments.
This kind of attack can cause serious damage: you could lose your data and the thieves could steal your personal information to commit further fraud.
Protect yourself by being vigilant and recognizing phishing attempts. A phishing email can take many forms but one common feature is that it's always unsolicited.
Yes. We contact you by email for various reasons: to promote products or to send you a satisfaction survey or facts about your account, for instance. We also send security alerts by text message to confirm your identity if we detect a suspicious login to your AccèsD account or unusual activity on your credit card.
However, we never ask you to reply to these messages with your login credentials, social insurance number or other personal or confidential information. And we never ask you to go to AccèsD or other websites where you have to log in or enter your information.
To learn more about how to recognize a phishing email, see 4 telltale signs of a phishing email - This link will open in a new window..
Desjardins has implemented 24-hour active surveillance to ensure a quick reaction if fraudulent email is detected.
In addition, Desjardins scrutinizes each email and text message you submit if you believe it may be fraudulent, and works with authorities and Internet service providers to close down phishing sites.
To learn more about how to recognize a phishing email or text message, see 4 telltale signs of a phishing email - This link will open in a new window..
Scammers may have obtained your email address from a variety of sources.
- They may have used a spam mailing list on which your address is listed with or without your consent. (These lists are sometimes created from online contest entries. Always be sure to check out the legitimacy of a company before you enter their online contest.)
- They may have obtained your address via spyware installed without your knowledge on your PC. (Make sure your computer is protected against spyware.)
- They may have created hundreds of thousands of email addresses randomly by combining first and last names and known domain names, one of which happens to be your personal email address
Once scam artists find an email address that works, they may be tempted to send emails to that address over and over again.
Though phishing is generally associated with email, some computer criminals use the phone as well. In this case, pirates call victims on the phone and pose as a financial institution employee, an investigator or a police officer.
To learn more about how to recognize a phishing email, see 4 telltale signs of a phishing email.
Yes. As part of their phishing scams, fraudsters create fake websites, which sometimes appear in search engine results.
If a phony Desjardins website is created, we take immediate action to shut it down. A few minutes or a few hours may go by, however, before the authorities and internet service providers can act. To be safe, always type www.desjardins.com in your address bar to access the Desjardins website.
There are easy things you can do to avoid falling victim to a phishing scam. Before you click links or open attachments:
- Were you expecting the email or text message?
- Pay attention to the type of situation that would try to incite a reaction from you:
The goal is to try to get you to do something quickly, without thinking about it first by stressing some kind of urgency.
The goal is to get you to believe you received some unsolicited benefit or financial gain. Scam artists use profit to try to get you to reveal personal information.
The goal is to alert you to a problem in your account, prompting you to reveal personal information in order to solve the issue.
- Check that the sender's email address is familiar and legitimate, particularly the part after the @. Is it a personal or company address?
- Move your cursor over the link (but don't click) to check that the address is legitimate and belongs to the company that sent it (watch for similar addresses).
- Assess the email or text message's relevance and plausibility. Be aware! Ask yourself if you've really entered that contest. Are you expecting a parcel? Is the procedure normal? Is it too good to be true?
- Don't open attachments if you don't know who sent them.
- Never answer an email that asks for personal information, no matter wo sent it.
- Never provide confidential information that can be used to authenticate your identity by email or text message (e.g., social insurance number, credit card number, birthdate, password, etc.).
- Never share your password with anyone, with Desjardins employees or with police representatives. Real employees and police officials know that they have no right to ask you for this information.
- Curb your curiosity and be wary of recognized logos and visual identities that are easily copied and can look like a real email, text message or website.
- Always use your browser to go to www.desjardins.com.
- Look for a closed padlock in your browser's status bar, ensuring you are in a secured online environment. Also make sure the address displayed has an "s" in "https". You should also be able to view the site's digital certificates by double-clicking on the little closed padlock in your browser's status bar.
Also ensure your personal computer is adequately protected.
- Install all of your software's security updates.
- Install a version of anti-virus software that includes automatic updates.
- Install anti-spyware software.
- Install anti-spam software.
To learn more, go to the Security centre.
If you provided information about your identity, such as your date of birth, social insurance number or driver’s licence number, the scam artist could try to steal your identity and use the information to get a credit card, loan or line of credit at another financial institution.
Learn more about identity theft.
Not at all. Phishing is being practiced increasingly throughout the world and principally at financial institutions.
To learn more, go to Security centre.
Yes. We sometimes send alerts with facts about your accounts and cards. For example, we can tell you that your monthly statement is available or that you're approaching your credit limit. But these messages don't require a reply.
Can't find the answer to your question?