One-third of Canadians have experienced a phishing attempt during the pandemic. While anyone can be targeted, educating yourself about the various strategies scammers use can reduce the risks of getting caught in their nets. Here are some tips to detect and fight back against phishing attempts.
There are many sharks circling the pandemic waters, taking advantage of any opportunity to prey on people’s insecurity and trick them into giving up sensitive information.
These scammers use a whole arsenal of ploys to achieve their goal.
Fishing for bites
Phishing is a deceptive means of getting personal information. It often involves sending an email, text or social media message from what looks like a real financial institution or well-known company.
By throwing as many lines in the water as possible, scam artists are counting on at least a few people biting and getting them to give up their personal information or click on a link.
The goal is always the same: to get your money!
How many take the bait?
Phishing is the third most commonly reported scam in Canada2 1 in 10 Canadians have unknowingly replied to a phishing email.3
Detecting the signs
Did you get an email, text, or social media message that smells a little fishy? Careful: scammers don’t always ask for money; they’re often trying to get you to do something impulsive that will reveal some personal information.
1. Sometimes, they lay a trap by indicating a problem. They might tell you you’ve been the victim of a phishing attempt! They’ll ask you to fix the problem by entering your personal information.
2. They might dangle a small or large amount of money or make you think you get some special benefit or prize to try to get your personal information.
3. There’s often a sense of urgency. The goal is to get you to act impulsively and immediately, so they’ll play on your feelings, including fear and empathy.
4. Other times they’ll pique your curiosity so you’ll want to click a link or open the file they’ve sent. Fraudsters often hack accounts and profiles to pass themselves off as someone you know.
To learn more about the telltale signs of a phishing email, read this article.
Here are 2 scams that are popular right now
Account login
You receive an email or text asking you to change your password or update your account by clicking a link or opening an attachment. Here’s an example, with various clues that indicate you’re being phished:
It’s important to take a step back so you can determine whether or not the message is legitimate before taking any action.
Interac® e-Transfer to rent an apartment
You’re looking for an apartment and find one you want to see. It sounds great!
The person who listed it tells you they aren’t able to show you the place because they live far away and asks you to make a deposit to show you’re serious. They ask you to send them an Interac e-Transfer, without answering the security question.
Since your e-Transfer can’t be deposited, you let your guard down and send them the money.
Soon after, you get another message asking you to authenticate and verify the transfer. The message might look like it’s from Interac. You click the link provided and are prompted to answer the security question.
This type of fraud also happens when buying a car or pet.
The person who listed it tells you they aren’t able to show you the place because they live far away and asks you to make a deposit to show you’re serious. They ask you to send them an Interac e-Transfer, without answering the security question.
Since your e-Transfer can’t be deposited, you let your guard down and send them the money.
Soon after, you get another message asking you to authenticate and verify the transfer. The message might look like it’s from Interac. You click the link provided and are prompted to answer the security question.
The message was actually from the scammer, and you just gave them the answer that allows them to deposit your e-Transfer!
What to do (or not to do) if you get a suspicious message?
1. Take a step back. If you have even the slightest doubt:
- Don’t click the link in a text or image
- Don’t open any attachments
- Don’t download images
- Don’t reply to the sender
2. Take a close look at what you received:
- Do you recognize the signs mentioned above? You can bookmark this article and refer back to it if you have any doubt.
- Refer to the Canadian Anti-Fraud Centre or Interac e-Transfer best practices.
Remember: Like any good fishing story, if it seems too good to be true, that’s because it usually is!
3. Report it
If you clicked a link or downloaded or opened a suspicious attachment, contact the Canadian Anti-Fraud Centre before calling your financial institution. You can find the number on your account statement or the back of your credit or debit card.
1. If you’re a Desjardins member, forward the email or text to: protection@desjardins.com
2. Forward suspicious texts to 7726 to report the fraud to your service providers. You’ll receive an automated response, which you can then delete.
4. Don’t engage with the sender and be sure to delete the suspicious message.
Prevent it by increasing your protection
Desjardins cybersecurity specialists are always working extra hard to deploy the resources needed to give members peace of mind. To make your connection even more secure, you’re now required to use 2-step verification to log in to your AccèsD accounts.
Set up 2-step verification
1. After you enter your username in AccèsD, you receive a single-use security code by text, notification in the Desjardins mobile app or even on your landline.
2. Use this code to log in to your account.
When you log in using a trusted device, tick the box labelled Don’t ask again on this device (mobile app) or Don’t ask again on this browser (computer). That way, you’ll no longer have to enter a code every time you log in from that device or browser.
Desjardins does use email and text messaging
We send emails and texts to share factual information only. For example, you might receive a message or alert letting you know that your statement is available or that your credit card balance is approaching the limit.
Desjardins protects you with security alerts
You might also receive a text message asking you to confirm a credit card purchase or a log-in attempt to your account. We will only ever ask you to reply Yes or No. You don’t have to sign up; you only have to have provided us with your cellphone number. These messages are a fast and secure way for us to communicate real information to you.
To update your cellphone number, just log in to AccèsD and choose your credit card. Click “Manage Card” and “Manage account” You can then change your cellphone number under “Change your address.”
By making your account more secure with 2-step verification, recognizing the signs and getting into the habit of reporting fraud, it’ll be harder for online scammers to catch you!