Choose your settings
Choose your language
Digital security

13 tips on how to avoid, detect and report phishing scams

March 22, 2024

Phishing is one of the most common types of fraud. It involves pretending to be a financial institution or other well-known organization to trick someone into giving away their money or confidential information. Scammers contact a large number of people by email, text, phone and even social media in the hopes of hooking just a few. Read on to find out how you can protect yourself from taking the bait.

Tips for avoiding phishing scams

1. Think before you click.

You could install malware on your device without even knowing—just by clicking a link, image or file or downloading content. Links can also send you to fake sites where scammers collect your banking information, password and other valuable information.

If you get a suspicious message or you're not sure about the sender, just don't click.

2. Be wary of anyone asking for personal or financial information.

Phishing isn't always about stealing your money. Sometimes scammers want your password so they can get into your accounts with financial institutions, social media and online retailers, for example. Then they use your personal and financial information to open a fraudulent account or apply for a loan.

Be careful if someone asks you for this kind of information, especially if you're not the one who started the conversation.

3. Protect your devices.

Choose strong passwords that no one can guess—not even your family or friends. Use at least 12 characters including upper and lower case letters, numbers and special characters. Choose a different password for every account. Use a password manager to keep track of all your passwords. That way, you only have one password to remember!


Don't pick something that could be easy to guess, like the name of your pet or a family member. Instead, memorize a special phrase that only you will know. For example, think up a sentence and use the first letters of each word and some numbers. That way, your password will only make sense to you.

Keep your devices and software up to date and use antivirus software.

Lastly, turn on 2-step verification whenever you have the option. It boosts the security on your account. With 2-step verification, you'll be asked to enter your password and then a single-use code that's sent to you by email or text.

Yes, Desjardins does send emails and texts

We use email and text to send factual information and alerts. For example, you might receive a message to let you know that your account statement is available or that your credit card bill is coming due. We may also send you an email or text if we notice suspicious activity on your credit card or AccèsD account. Learn more about how security alerts work.

4. Don't share your login information with anyone.

It's an easy way to prevent your password for your banking account and personal identification number (PIN) for your debit or credit card from falling into the wrong hands. If you share this information with other people, you can be held responsible for all the transactions in your account—even fraudulent ones.

5. Limit what you share on social media.

It may seem like no big deal to share your birthday, where you live or work, or where you went on your last vacation, but scammers use this kind of information to make their messages even more convincing. This type of psychological manipulation is known as social engineering.

It involves pretending to be someone the victim trusts to get them to share information. For example, while you're away on vacation, scammers could steal your identity and try to trick friends and family into sending them money by pretending you're in trouble.

How to spot phishing scams

6. Check if there really is an emergency or problem.

A lot of scams involve some kind of unexpected situation or problem that requires you to act fast, without thinking things through. For example, they might ask you to update your personal information or risk having your accounts frozen or closed. Or you might be told that you have to pay a fee because a package for you has been held at the border.

Check what's going on by calling the person or company directly. Don't use the contact information in the message you receive: go online and find the official number yourself.

7. Remember there's no such thing as easy money.

Ah! Who can resist free stuff? It's pretty unlikely that you won a contest you never entered, that a company issued you a credit without you ever asking for it, or that you received your tax refund by Interac ®e-Transfer. If someone is offering up free cash, you should hear alarm bells ringing.

8. Put your curiosity aside.

Did a message grab your attention? Consider whether someone you know would really send you a vague message saying "Is it you in this video?!" and asking you to open an attachment. It's much more likely that their account or email was hacked and that cybercriminals are trying to use your curiosity to their advantage.

9. Beware of unusual requests.

In a given situation, does it seem normal for someone to ask you to do certain things or provide certain information (like your social insurance number, password or PIN)? For example, the tax authorities and your financial institution would never ask you to pay them in gift cards. It's also odd to get a renewal request for a service (like Geek Squad or an antivirus software) that you never had.

What should you do if you're a victim of phishing?

Oops, you clicked the link? Whether or not you provided any personal or confidential information, here's what you need to do:

10. Report the phishing attempt.

Forward the email or text message to so we can inspect it. However, we won't follow up with you. Don't do anything else with the message: Just delete it.

11. Keep an eye on your banking accounts and have your device checked.

Regularly check your banking and credit card accounts for suspicious transactions.

Also check for malware or unusual software on the device you were using during the phishing attempt. One way to do this is by running your antivirus software. This step will help prevent scammers from spying on your actions.

12. Change all your passwords.

Do it quickly so that scammers don't do it first and lock you out of your various accounts. Use a different device than the one that may have been hacked, in case spyware is tracking your actions and recording your new login information.

Who should you report it to?

If you gave out your personal or confidential information, here's what you need to do:

13. Quickly notify these organizations.

Notify the following organizations to prevent scammers from opening fraudulent loan or credit card accounts in your name and boost security for your account:

  • Your financial institution and any other financial partners
  • Credit bureaus Equifax and TransUnion
  • The Canadian Anti-Fraud Centre

Phishing scammers use different means of communication and a wide range of scenarios to try to get your money and personal information. Be careful, stay on top of the latest scams and fraud, and if something happens, act quickly to protect your identity.

Want to read more?

® Interac e-Transfer is a registered Trade-mark of Interac Corp.  Corporation Used under licence.