Learn to recognize how fraudsters use phishing scams to steal your personal and confidential data.

What is phishing?

Phishing is a type of fraud scheme or ploy. It occurs when someone posing as a legitimate financial institution or established company sends fraudulent mass emails or text messages.

Cybercriminals use these types of messages to try and get you to click links, images or files that redirect you to a phony website. Then they can get their hands on your information or install malware on your device with you none the wiser.

Fraudsters also vary these tactics on social media or over the phone to achieve their goals.

How to spot phishing scams

Phishing messages and phone calls are unsolicited. Fraudsters create a sense of urgency, promise monetary gain or claim there's a problem to get you to act without thinking and share your information.

Telltale signs of phishing


You're pressed to update your bank account details, pay a tax agency or donate money after a tragic event.


Someone tells you that you've won a trip or prize, or received some money in your account.


You're told there's an urgent problem with your bank account, your operating system or a package delivery.

13 tips on how to avoid, detect and report phishing scams

Recognizing a fake website

Fraudsters try and trick you into visiting "spoofed" or fake sites by using real names and logos. Some clues can help you spot a fake and avoid falling for it.

  • Poor website design, unprofessional image
  • Broken links and sloppy spelling
  • Hard-to-locate company policies and contact information
  • Questionable timing of prompts for information

How to react if you suspect a phishing attempt

Stop and take a calm look at the message received. Avoid clicking any links or opening any images or attachments. Don't reply to the sender. It only confirms that your email is valid.

3 things to check

Email address

Do you recognize the sender's email address? Does it look legitimate? Take a close look at the part after the at sign (@) symbol. Is it a personal or company address?


Inspect the link to determine if it really leads to a legitimate business website. Pay close attention as fraudsters often change just one letter in the hopes of slipping under your radar.

  • To inspect a link from your computer, hover your cursor over it without clicking.
  • On a mobile device, press the link for a few seconds until a pop-up window showing you the full link opens.


Ask yourself if there's good reason or logic behind the request to act quickly. Was it something you expected?

If you have any suspicions, use an official number to contact your financial institution or the organization in question. Never call a number included in a suspicious message.

Reporting a fraudulent email or text message

  1. Forward the email or text message to so we can inspect it. We'll send you an automated response. There will be no further follow-up.

    In addition, follow your mobile service provider's reporting procedure for fraudulent texts.

  2. Delete the fraudulent email or text message.

What to do if you've clicked a link or opened an attachment

If you did not provide any personal or confidential information, report the phishing message. Make sure your device is virus-free, change all your passwords and keep tabs on your banking activities.

If you did provide personal or confidential information, report the phishing message and contact our security team and the authorities right away.

Who to contact if you've fallen victim to a phishing attack

Our security team

Montreal area:

Elsewhere in Canada and the US:

Other countries:
514-397-4610 (collect call)


Report phishing attempts to the Canadian Anti-Fraud Centre and follow the recommendations for what to do if you're a victim of fraud.

Credit agencies

If you think your identity has been stolen, contact credit agencies to have a fraud alert added to your file.

Equifax: 1-800-465-7166

TransUnion: 1-877-713-3393

How to better protect against phishing scams

Be extra careful online to protect your information from phishing attempts.

3 good habits

Think twice before you click

Take a close look at any messages you get, especially unsolicited ones.

Stay informed

Make sure you know about the latest online scams.

Protect your devices

Install antivirus software and a firewall to protect against threats. And be sure to update them regularly.

Enhance your account security on AccèsD

Turn on 2-step verification to add an extra layer of security when you log in and keep cybercriminals out.

Learn more about 2-step verification

Further reading

FAQ – Phishing