Fraud Awareness Month

March is Fraud Awareness Month! This is an important time for everyone to learn about fraud and how to protect themselves against it. Fraud can happen to anyone, so it's important to be aware of the warning signs and take steps to protect yourself.

At Stoughton Credit Union, we prioritize your financial security. We believe in empowering our members with knowledge to protect themselves against fraud. Stay informed and vigilant to safeguard your hard-earned money. Join us in the fight against fraud and keep your finances safe with Stoughton Credit Union. We'll look over the top 3 scams that affect Canadians below.

Investment Fraud

An investment scam is any solicitation for investments into false investment opportunities. These opportunities falsely promise higher-than-normal returns.

However, investors lose most or all their money.

example: A “friend” tells you about a crypto currency investment opportunity via social media or email. But
this “friend” is actually a fraudster who has either hacked or spoofed one of your contact’s accounts in order to scam you

Romance Scams

A cyber criminal invests time into building a fake trusting and affectionate relationship with a target to steal money or personal information from them. The cyber criminal creates a believable and detailed story for why they need the money or information to trick their target.
After the fraudster has built trust with you might request money for travel, a medical emergency- and make it sound urgent. They may ask you to accept money on their behalf (without realizing it, you may be breaking the law)

Red flags to watch for; when someone who you haven't met in person professes their love, they have an excuse not to meet in person, poor or oddly written messages, they may discourage you from discussing them with friends/family, they say they live close to you, but work overseas.

Phishing

Phishing refers to any message that has been deliberately faked to make it look like it’s from an authentic sender. Phishing is one of the most common type of cyber attacks because it can take so many different forms, such as emails, phone calls, and text messages. Phishing attacks can be quite sophisticated and convincing, so it's important to be cautious when opening emails or messages from unknown senders. Always double-check the sender's email address and avoid clicking on any suspicious links or attachments.
There are a few different forms of phishing, you can read about them all below.

Smishing

Smishing is a type of phishing scam that involves fraudulent text messages sent to deceive individuals into providing sensitive information or clicking on malicious links. Stay vigilant and never share personal information through text messages to protect yourself from smishing attacks.

example:

Bank Fraud Alerts: These messages appear to come from the victim’s bank, warning about unauthorized transactions or suspicious activities. The user is then prompted to click on a link to verify their transactions or call a number, both controlled by the attacker.
Service Cancellation: The attacker warns the victim that a subscription or service (like a streaming service or software subscription) is about to be canceled due to a payment issue. They’re urged to click on a link to “resolve” the issue, which usually leads to a phishing page.

Spear Phishing

Spear phishing is a targeted form of phishing where cybercriminals send personalized emails or messages to trick individuals into revealing sensitive information or performing actions like clicking on malicious links or attachments. It's like a digital con artist using tailored tactics to deceive specific targets.

Spear phishing could look like:

An email from the accounting department at your work asking you to provide an invoice.
An email from your boss asking you to send your banking information for direct deposits of your paycheque.
An email from a friend that contains a suspicious link or attachment about your favourite music or sports team.

Spoofing

Spoofing is a deceitful practice where someone or something masquerades as someone else to gain trust or access to information. In the context of cybersecurity, spoofing commonly refers to the act of falsifying data to appear as a trustworthy source in order to deceive individuals or systems.

example: A scammer may send you an email from an address that resembles a colleague, friend or trusted company. At first glance, the email may seem real, but the scammer is hoping that you click on a link , open an attachment, or give up personal information.

Vishing

Vishing is a type of scam where fraudsters use voice calls to deceive individuals into providing personal or financial information. It's like phishing, but over the phone. Be cautious and never share sensitive information over calls you didn't initiate.

examples: A family member, often claiming to need urgent help, to try and trick their target into sending money or sensitive information.

Vishers will impersonate government or law enforcement agencies by using threatening language or offering refunds, like a tax refund from the CRA, to trick their victims into offering up personal information.

Whaling

Whaling is a fraudulent practice where cybercriminals target high-profile individuals within organizations, such as executives or senior staff, to deceive them into providing sensitive information or access to company systems. This type of cyber attack aims to steal valuable data, compromise networks, or carry out financial fraud.

An example of this would be someone requesting payroll information about current and past employees

Helpful ways to protect yourself

e-Transfer Autodeposit®

Autodeposit is an Interac e-Transfer® feature that allows users to register to have incoming Interac e-Transfer® funds deposited into their account.

Benefits:

Get funds deposited right into your account.
No security questions or passwords required.
Safe and easy way to secure your transaction (ie. more difficult for a fraudster to intercept your message)

How to set up Autodeposit:

Login to your Mobile App or Online Banking
Go to your Interac e-Transfer® section and select 'settings'
Register your email address link the account for deposits.
Confirm registration in the confirmation email.

Note: e-Transfers sent via phone number will not autodeposit to your account. They must be sent to your email address. You may add addtional email addresses and bank accounts for Autodeposit.

Passwords

Passwords play a crucial role in our life. Daily, we use passwords to authenticate access to various systems and services, whether at work or home. To safeguard against fraud and data breaches, here are some useful tips for creating secure passwords and protecting your information:

Create unique passwords for every online account.
Use combination passphrases that are easy for you to remember but hard for others to guess
Set up MFA such as a SMS alert that notifies you if your accounts have been access, used or changed.
Use a Password Manager, a program that securely stores all your passwords in an encrypted vault.
Use alternatives to passwords such as biometric logins (finger or facial recognition)
Avoid using simple passwords.
Never use your name, birth date, or other personal information.
Avoid entering passwords when connected to unsecure Wi-Fi connections (like a coffee shop or airport).
Avoid entering passwords on computers you don't control.

Transaction Alerts

Transaction Alerts are notifications sent to you via email or text message whenever there is activity on your account, such as deposits, withdrawals or changes to your account. These alerts help you stay informed about your finances in real-time, allowing you to monitor your account for any unauthorized or unusual transactions quickly. By receiving these alerts, you can detect potential fraud early, manage your budget more effectively, and have peace of mind knowing that your financial activities are being monitored closely.

Alert options with Stoughton Credit Union Online Banking/Mobile App

Security Alerts (New Payee Added, Personal Access Code (PAC) changed, and Online Banking Account Locked out, Online Login)
Balance and Activity Alerts (Low Balance, Deposit and Withdrawal)
Payment Alerts (Insufficient Funds, Scheduled Payment Failed, and Scheduled Transfer Failed)

How to Add Alerts
1. Login to your Online Banking or Mobile App.
2. Navigate to the Alerts section.
3. Add your Contact info.
4. Select the Alerts you'd like to receive.

Lock'N'Block®

Lock’N’Block® is quick, easy, and convenient – whether your card has been lost or stolen, you can rely on Lock’N’Block to protect you from fraud with the click of a button.

How it works

Login to your account via Online Banking or Mobile App.
Mobile App: Click on the Lock'N'Block® icon Onling Banking: Navigate to 'Account Services' and select Lock'N'Block®.
Select the card and toggle 'on' or 'off' the required option.
That’s it!

Protecting your information is crucial in today's digital world. Using a combination of alphanumeric characters and symbols in your password adds an extra layer of security to safeguard your personal data. By creating a strong password, you help ensure that your information remains confidential and protected from unauthorized access.

Redflags of Scams

-Unusual urgency or pressure to act quickly. (Fraudsters are good at making you feel panicked, don't fall for this!)

-Requests for sensitive information

-Anything too good to be true

-Unexpected emails (like an update on a parcel you didn’t even order)

-In an email- look for unprofessional design, spelling or grammar mistakes

How to report scams

-Call your financial institution
-Report the Incident to the Canadian Anti-Fraud Centre, and/or your local police department
Visit the Canadian Anti Fraud Centre
-Change passwords
-enable multi-factor authentication (where-ever offered)