Phishing: how to detect, report and prevent it

One-third of Canadians have experienced a phishing attempt during the pandemic.1 While anyone can be targeted, educating yourself about the various strategies scammers use can reduce the risks of getting caught in their nets. Here are some tips to detect and fight back against phishing attempts.

There are many sharks circling the pandemic waters, taking advantage of any opportunity to prey on people’s insecurity and trick them into giving up sensitive information.

These scammers use a whole arsenal of ploys to achieve their goal.

Fishing for bites

Phishing is a deceptive means of getting personal information. It often involves sending a message, like an email or text, from what looks like a real financial institution or well-known company.

By throwing as many lines in the water as possible, scam artists are counting on at least a few people biting and getting them to give up their personal information or click on a link.

The goal is always the same: to get your money!

Detecting the signs

Does it strike you as strange to get a request like this by email or text? Careful: scammers don’t always ask for money; they’re often trying to get your personal information.

  1. Sometimes, they lay a trap by indicating a problem. They might tell you you’ve been the victim of a phishing attempt! They’ll then prompt you to enter your personal information to resolve it.
  2. They might dangle a small or large amount of money to try to get your personal information.
  3. There’s often a sense of urgency. The goal is to get you to act impulsively and immediately.

To learn more about the telltale signs of a phishing email, read this article - This link will open in a new window..

Here are 2 scams that are popular right now

Account login

You receive an email or text asking you to change your password or update your account by clicking a link or opening an attachment. Here’s an example, with various clues that indicate you’re being phished:

email

It’s important to take a step back so you can determine whether or not the message is legitimate before taking any action.

Interac® e-Transfer to rent an apartment

You’re looking for an apartment and find one you want to see. It sounds great!

The person who listed it tells you they aren’t able to show you the place because they live far away and asks you to make a deposit to show you’re serious. They ask you to send them an Interac e-Transfer, without answering the security question.

Since your e-Transfer can’t be deposited, you let your guard down and send them the money.

Soon after, you get another message asking you to authenticate and verify the transfer. The message might look like it’s from Interac. You click the link provided and are prompted to answer the security question.
texto

The message was actually from the scammer, and you just gave them the answer that allows them to deposit your e-Transfer!

This type of fraud also happens when buying a car or pet.

What to do (or not to do) if you get a suspicious message?

1. Take a step back. If you have even the slightest doubt:

  • Don’t click the link in a text or image
  • Don’t open any attachments
  • Don’t download images
  • Don’t reply to the sender

2. Take a close look at what you received:

Remember: Like any good fishing story, if it seems too good to be true, that’s because it usually is!

3. Report it

Contact the Canadian Anti-Fraud Centre before calling your financial institution. You can find the number on your account statement or the back of your credit or debit card.

  1. If you’re a Desjardins member, forward the email or text to: protection@desjardins.com
  2. Forward suspicious texts to 7726 to report the fraud to your service providers. You’ll receive an automated response, which you can then delete.

4. Don’t engage with the sender and be sure to delete the phishing email or text.

Prevent it by increasing your protection

Desjardins cybersecurity specialists are always working extra hard to deploy the resources needed to give members peace of mind. They recommend boosting the security of your accounts by adding a security code on top of your password to limit the risk of fraud.

Set up 2-step verification

  1. After you enter your username in AccèsD, you’ll receive a one-time security code by text or a notification in the Desjardins mobile services app.
  2. Use this code to log in to your account.

When you log in using a trusted device, tick the box labelled Don’t ask again on this device (mobile app) or Don’t ask again on this browser (computer). That way, you’ll no longer have to enter a code every time you log in from that device or browser.

Desjardins does use email and text messaging

We send emails and texts to share factual information only. For example, you might receive a message or alert letting you know that your statement is available or that your credit card balance is approaching the limit.

Desjardins protects you with security alerts

You might also receive a text message asking you to confirm a credit card purchase or a log-in attempt to your account. We will only ever ask you to reply Yes or No. You don’t have to sign up; you only have to have provided us with your cellphone number. These messages are a fast and secure way for us to communicate real information to you.

To update your cellphone number, just log in to AccèsD and choose your credit card. Click “Manage Card” and “Manage account” You can then change your cellphone number under “Change your address.”

By making your account more secure with 2-step verification, recognizing the signs and getting into the habit of reporting fraud, it’ll be harder for online scammers to catch you!

External links

1. Statistics Canada, 2020. https://www150.statcan.gc.ca/n1/daily-quotidien/201014/dq201014a-eng.htm - External link. This link will open in a new window.

®Interac is a registered trademark of Interac Inc. Used under licence.

Recommended for you