Trust & fear.
“It’s official, it must be true.” These scams prey on urgency and hope that you assume trust because they are pretending to be an official source or representative.
Impersonation of CRA, immigration, emergency, bank etc.
Calling and claiming to be an employee of a government agency, such as Canada Revenue Agency (CRA) / Service Canada, police, judges or emergency personnel such as paramedics and requesting personal and financial information to facilitate ID Theft or secure funds.
The caller may falsely claim that you have taxes or outstanding balances owing, may be facing arrest and/or jail time, or that a loved one has been in an accident and/or has been incarcerated and needs funds to be sent via wire or E-transfer, or cash to be sent via mail, to facilitate bail and costs of recovery.
Red flags to watch out for.
- Fear tactics
Calls or e-mails claiming that your Social Insurance Number (SIN) is compromised or that there’s an outstanding case against you. Aggressive language that instills fear about potential tax issues or financial crimes and ongoing calls with escalating requests for more funds, if you comply
- Emergency and urgency
Someone claiming that a loved one has been arrested or is critically injured, demanding immediate funds for legal fees, bail, or medical expenses. Calls designed to create a sense of urgency, threatening arrest, fines, or deportation if you don’t comply immediately
- Unusual payment methods
If you’re asked to pay fines or fees using gift cards, Bitcoin, wire transfers, or even sending cash through the mail. Sending fake police to collect cash or cheques directly from your home.
- Fraudulent claims
Any unexpected or incorrect refund claims, especially if the phishing site asks for information that the CRA should already have on file. Legitimate tax authorities, like the CRA, do not issue refunds via e-transfer
Report an incident
Fake websites and messages through phishing, vishing, smishing attacks.
Emails impersonating legit companies.
In phishing, fraudsters attempt to gain access to your banking information by sending fraudulent emails to unsuspecting users pretending to be from a legitimate company.
The email directs the recipient to select links which are linked to fraudulent websites and the recipient is asked to enter personal information. By appearing to come from a legitimate company such as a Vancity in the form of email or text, the email can trick you into sharing sensitive information like your SIN, financial data such as credit card numbers or online banking login credentials. The fraudster will then use the information they received to access your accounts, spend your money, or steal your identity.
Watch out for:
- Messages often appear legitimate and may contain logos or other images of the organization they are attempting to impersonate however the website URLs don’t match the legitimate organization’s website
- Unexpected emails or text communication from the organization
- A sense of urgency in taking action to protect your account or information
- Messaging contains poor grammar or spelling mistakes unbecoming of a professional organization
- Notifications that indicate a pending reimbursement or refunds that you are not anticipating
- Asking you to click a link to block or unblock an account due to unauthorized logins
Phone calls or text messages.
Vishing or voice phishing and smishing or SMS phishing are types of mobile fraud which uses phone calls or text messages to fool you into sharing your financial data and personal information.
Picture this: you receive a text message on your cell phone. The message states that it is from Vancity and creates a sense of urgency by telling you that your account has been suspended or locked either due to unauthorized access or excessive unsuccessful attempts to gain access.
The message concludes by asking you to reactivate or unlock your account either by calling the phone number provided or linking to a website sent to you in an SMS. What and how much personal information you provide in the following will give the fraudsters all they need to steal your money, personal information, or your identity.
Watch out for:
- A familiar organization reaching out with an urgent matter that requires you to disclose significant amounts of personal or financial information
- Verification (using random one-time passwords in the name of multi-factor authentication) of fraud transactions that have not actually occurred. Requesting personal or financial information or access to online accounts during this process
- Call display numbers and contact information manipulated to make it appear a familiar organization is attempting to contact you. Never use call display as a “source of truth”
- Indicating that the purpose of the call is regarding pending refunds or reimbursement that requires immediate action
Report an incident
Business Email Compromise (BEC) Scam
A type of spear phishing attack using email communication where fraudsters impersonate a known and trusted contact or colleague to get you to send money or compromise sensitive information like passwords or system access. They leverage your existing relationship with the sender to trick you into giving system access, installing malicious software, or most commonly - to complete fraudulent transactions, specifically wire transfers or sending funds via Pre-authorized Payment.
With business email compromises, remember to look out for:
- Email address variations
Slight, sneaky changes in email addresses and domain names, such as “example.com” turning into “exampie.com.” or “vanciti.com” instead of “vancity.com”. Even legitimate email accounts can be hacked and used for scams
- Change to wire transfer details
Wire transfer requests that have altered beneficiary details, including changes in the beneficiary's name, bank account number, bank name/location, or currency
- Unusual urgency and confidentiality
Unusual an inconsistent request with suspicious attachments or "highly confidential" requests, intended to keep transactions secret and instill fear or pressure you into making hurried decisions
- Changes in style and mistakes
Discrepancies in tone, phrasing, terminology, or writing style compared to previous emails from the same individual. Pay close attention to spelling errors or poor grammar indicating lack of professionalism or authenticity
- Tactfully timed and limited communication
The transaction request is occurring prior to a long weekend or holiday in hopes that the fraud will go undetected for a longer period. Verify the request verbally using a known phone number if the sender states that they can only be reached via email or by a new, unfamiliar phone number
Report an incident
Confusion.
“Why is my computer doing this?!” These security threats often occur alongside impersonation or fake websites that then leave your computer vulnerable to attack on or through your computer or phone.
Malwares, viruses and rootkits.
One of the most insidious methods of stealing your personal and financial information is through the use of unwanted, malicious software – generally referred to as malware – that’s installed without your knowledge on your computer. This can happen when you go to certain websites, download videos or files, etc.
These malware tools have different functions but are all designed to extract valuable website use patterns, personal information and passcodes, without the knowledge or consent of the user.
While malware can be tough to detect – often installing on your computer when you download software or a game from the web – you aren’t defenseless against it.
Some forms of malware include:
- Computer viruses Computer viruses are software programs deliberately designed to interfere with computer operation, record, corrupt or delete data, or spread themselves to other computers and throughout the Internet. Viruses often slow things down and cause other problems in the process.
- RootkitsA rootkit is a stealth program installed on your computer that gives a hacker full control of your system and is not detected by anti-virus software.
- Worms, adware, Trojan Horses, Spyware and other damaging and unwanted software
Basic viruses typically require unwary computer users to inadvertently share or send them. Some viruses that are more sophisticated, such as worms, can replicate and send themselves automatically to other computers by controlling other software programs, such as an email sharing application. Certain viruses, called Trojans (named after the fabled Trojan horse) can falsely appear as a beneficial program to trick you into downloading them.
How to protect yourself.
- Keep your computer current with a firewall and the latest updates and industry standard antivirus tools
- Stay current about, and use safety when surfing the internet, downloading files, and opening attachments
- No computer is invulnerable from viruses, so make sure your data is backed up frequently to avoid loss of files if attacked
- Never open an email attachment from someone you don't know. It is always a good idea to scan all attachments, even files sent by a known user, using an antivirus software as the sender may be unaware that the attached file contains a virus.
Report an incident
Remote access scams.
Remote access scams can sound pretty technical, but the core idea is simple: scammers trick you into giving them access to your devices—like your computer, tablet, or smartphone by posing as tech support or claiming to fix a problem.
These scammers might contact you through pop-up messages on your screen or cold calls. They’ll ask for access to your online accounts or sensitive personal information. Once they gain access, they may complete fraudulent transactions, disguising them as refunds or necessary payments.
Red flags to watch out for.
- Suspicious pop-ups and calls
Pop-up notifications with a phone number or an unexpected call from a "tech specialist" asking for remote access. Legitimate antivirus companies won’t use pop-ups to notify you of issues
- False virus alerts
Pop-ups that claim that your device has a virus, but your actual virus scan shows nothing
- Unsolicited cold calls
Tech support representatives calling out of the blue asking for remove access to solve issues related to your computer or software
- Remote access software requests
Asking you to download software that allows them to control your device remotely (like AnyDesk, TeamViewer, or Apple Remote)
- Suspicious refund requests
Companies like Amazon or PayPal won’t ask for direct access to your bank account for refunds. Typically, refunds take 3-5 business days and are processed using the same method you originally used for payment.
- Be cautious with active logins
Use caution if you are directed to login to your online accounts directly while remote access is active
- Unexpected mouse movements
If you notice your mouse cursor moving on its own or strange activity happening on your screen, turn off your device immediately.
Report an incident
Flattery & love.
“Are you buttering me up?” These scammers usually start small and slowly inch into your life and wallet.
Romance scams.
A social engineering tactic where scammers use legitimate dating websites, social media platforms, and unsolicited text messages to get you emotionally involved in a relationship, romantic or otherwise, and then manipulate you into sending them money as financial assistance to overcome hardships or buying or renting a property that facilitates relocation to be together. They could also just steal from you and flea without leaving a trace.
Here's an example.
Imagine you find the perfect match on a dating app. As your relationship grows, they reveal through messages and video chat that they're currently overseas for work or military service.
After a few weeks, they start to share personal stories about financial troubles, claiming they need money for unexpected medical bills or travel expenses to return home. They ask you to send money via wire transfer or gift cards, assuring you that it’s temporary and they’ll pay you back.
Feeling empathetic and believing in their feelings for you, you send the money. As time goes on, they continue to come up with more financial emergencies, each requiring more funds. Eventually, communication becomes sporadic, their stories start to feel inconsistent, and you realize this is a con artist using stolen photos and fake identities to exploit you emotionally and financially.
Red flags to watch out for.
- Emotional manipulation
Preying on the emotions of those looking to be in a relationship; those who have recently suffered a loss of a loved one can be considered particularly vulnerable.
- Impersonation
As it often starts as an online only relationship, profile photos could be copied directly from online sources to trick you into believing you are speaking to the person they’re impersonating
- Too many secrets
You’re being asked to keep the relationship secret and not be shared with family or friends. The scammer may also avoid or delay meeting you in person once they’ve finally gained your trust and the financial assistance has begun
- Gradual reveal
The emotional manipulation in these scams occurs gradually, as do the requests for financial help. Initially, they may ask for small amounts, but these requests often escalate in both frequency and dollar value. Additionally, your personal information may be stolen and used for identity theft later on.
Report an incident
Opportunity.
“What a good deal!” Watch out for things that sales, money making opportunities and promises that are too good to be true.
Scammers often create accounts on legitimate auction websites (such as eBay, Facebook Marketplace, Craigslist or Kijiji) and advertise products at a lower price than you would normally see. These enticing deals may convince you to purchase, only to end up never receiving the product that was mentioned or receiving a trash quality version of a similar product. There is no communication once funds are received and all advertisements or notifications for that product disappear. Concert tickets, puppies, and rental properties are often linked to scams.
Red flags to watch out for.
- ‘Sponsored’ posts on social media websites that seem genuine but lead to poor quality websites
- You have not seen the goods being purchased in person
- Urgency in sending funds in order to secure goods
- Goods sold at drastically reduced or very low prices (too good to be true)
- A sudden increase in agreed selling price or demand for additional payment
Report an incident
Investment scams.
If you come across an exciting investment opportunity via email, social media (Facebook or Instagram), or through word of mouth offering low-risk, high rate of return investments that’s too good to be true, there is a high probability that you’re being scammed. You may also receive unsolicited phone calls or emails with general advice on investing.
Red flags to watch out for:
- Pressure tactics
If you’re being told that a certain investment is "time-sensitive," creating a false sense of urgency to secure a supposedly guaranteed high return
- High-Value transactions
If you're asked to complete a large outgoing wire transfer, obtain a certified funds cheque, or send E-transfers to an investment or cryptocurrency company
- Withdrawal and cover stories
Someone is advising you to withdraw or move funds from existing investments to make a new investment with them or you’re feeling pressured to provide a false reason for your financial transactions to your bank—such as home renovations or gifts
- Complexity and confusion
If there seems to be a jargon overload – complex language that’s hard to understand, making it difficult for you to grasp how the investment works, how returns are generated and an unclear fee and withdrawal structure
- Lack of credibility
No to poor online presence and no registration with the Canadian Securities Administration and avoiding legitimate channels or face to face conversations for virtual-only (email or skype) interactions. Negative reviews on platforms like the Better Business Bureau or other online sites also speaks to the credibility of the company
Report an incident
Employment scams.
Ever come across an online job opportunity on online recruitment sites that promise high income salaries with minimal effort required? It’s most probably a scam. Typically, such opportunities are work from home and you never get to see the actual employer in person. The scammer is looking to either get you to share your banking details in the name of payroll or manipulate you into committing a cheque fraud.
Red flags to watch out for.
- A quick and easy offer
When job opportunities seem expedited by offering you the position with no interview process or pre-screening
- Requesting personal banking information
Scammers often steal logos, images or content from legitimate business websites to make the opportunity appear genuine before they ask you for personal banking information that is usually not asked for when accepting an employment opportunity. (for example, credit card number or online banking credentials/passwords). Genuine employers don’t need this information from you as payrolls are mostly handed as cheques, pre-authorized debits or cash
- Limited communications
The job posting may not have detailed information on who to contact and most of the communication will be done via email or Skype
- Fake first paycheque
In a type of cheque fraud, fake employers often you pay in advance using cheque images sent via email, followed by a request to return most of those funds through E-transfer for the purchase of goods or equipment associated with the role, while allowing the employee to keep a portion as a payroll advance on employment that has not yet started. These cheques are almost always counterfeit and will charge back leaving an overdraft on your account
Direct theft & fraud.
Through tactics above, direct theft, or even just looking over your shoulder when you unlock your phone or enter a pin, here are other common ways you may be attacked:
Online banking fraud.
Banking information or money stolen digitally (via email, through internet transfers, or malware downloads) classifies as online banking fraud. Fraud executed using mobile as a tool, for example through phone calls or SMS, is termed as mobile banking fraud. Regardless of the device used, cybercrime or digital banking fraud use sophisticated tools to trick you into thinking it’s all real.
Report an incident
Identity theft.
Identity theft or identity fraud is when someone steals your personal or business information and uses that information to assume your identity to access resources or obtain credit and other monetary benefits in your name or use your name to perform fraudulent activities.
Ways someone can steal your identity.
- Phishing, smishing, or vishing attacks that trick you into giving away your personal information by posing as representatives of established companies or government agencies you know. You can be tricked into sharing information directly via email text messages and phone calls, sharing money or downloading apps and software that hacks your computer and mobile.
- Using lost or stolen devices or cards to access your information
- Malware attacks to hack into your computer and access data and sensitive information without your authorization like your SIN number
- Hacking into your devices through shared public Wi-Fi networks
How to protect yourself.
- Report immediately
Report lost/stolen wallets to your financial institution, local police and credit bureaus. If you receive a suspicious email requesting your Vancity account information, do not provide any information or respond to the email and report it to us. Vancity will never request personal account information by email.
- Keep it private
Share personal information only with organizations that you know and trust and avoid giving out any personal information on social media. Shred unwanted personal documents such as transaction records, credit applications, insurance forms, cheques, financial statements, and tax returns
- Keep your eyes open
Check your Vancity and credit card account statements regularlyfor suspicious or unrecognizable transactions. Report if you notice anything suspicious. You can also check your credit report every year via Equifax Canada or TransUnion Canada.
- Stay safe
Always use reputable payment services when making online purchases. Look for a URL starting with 'https' and a closed padlock symbol. For in-store transactions, always shield your PINwhen using your member card at chip and pin card reading machines.
If you think somebody is trying to illegally obtain your personal or financial information or think you have been a victim of identity theft, report an incident immediately.
Cheque fraud.
Cheque fraud is one of the riskiest types of fraud, where your cheques are embezzled and/or illegally used to borrow or acquire money without your knowledge or used as a tool to gain your trust before manipulating you into transferring funds.
Ways it can be executed.
- Counterfeiting a cheque – fake cheque not written or issued by the legitimate account holder
- Forging the account holders’ signatures on a stolen cheque
- Altering the beneficiary’s name and amount on an issued cheque, using chemicals to erase the original text and filling it in with new information that benefits the scammer
- Applying for new bank accounts and cheque books using stolen personal information and using the cheques to fund other fraudulent activities
A cheque scam can also be executed through other ways like manipulating you into depositing a cheque sent by a criminal impersonating as a trust-worthy organization or company and getting you to wire transfer them money to cover “additional expenses” like tax payments. Once you transfer the money, there is no trace of the impersonator or your money. Moreover, you could be held accountable (under the terms of the Vancity Account Services Guide) for any credits deposited to your account using a fraudulent cheque.
Here’s an example.
Imagine receiving an email purportedly from your employer’s finance department, claiming you have an outstanding benefit to claim. The email promises to provide a digital cheque for a specified amount. After depositing the cheque, you’re instructed to transfer funds for a tax contribution. However, once the money is sent, both the sender and the funds disappear. The deposited cheque turns out to be fake, a clear case of cheque fraud. Similar scenarios can occur through job postings, lottery notifications, or overpayments requesting refunds.
How to spot a cheque scam.
- Digital cheques: Be cautious if sent an image instead of a physical cheque.
- Urgent requests: Avoid depositing cheques requiring immediate fund transfers for unrelated reasons.
- Altered details: Scrutinize cheques for irregularities like multiple fonts, alterations, unrelated payers, or if drawn on an out-of-province company and/or financial institution.
- Unrelated payer: If it’s a scam, the payer of the cheque mostly will have no obvious connection to the transaction – for example, an insurance company would likely not be connected to the private sale of a fridge from Facebook Marketplace
- Clearance process: Deposited funds aren’t guaranteed until the cheque clears; so wait till the clearance as bouncing cheques may incur penalties for you.
How to protect yourself.
- Notify Vancity immediately
Alert us at the first sign of cheque fraud or suspicion of lost/stolen cheques. Unsure about a cheque’s validity? Bring it to a branch where our advisors can assist.
- Trust and verification
Accept cheques only from known sources and spend the funds only after they clear your financial institution.
- Prefer electronic payments
Use wire transfers, E-Transfers, direct deposits, and pre-authorized payments instead of cheques.
- Handle with care
Store cheques securely, avoid leaving them in accessible areas.
- Monitor and act
Review monthly statements promptly and report discrepancies immediately. Shred unused cheques to prevent misuse.
Report an incident
Debit & credit card fraud.
Understanding debit and credit card fraud.
When your debit(member) or credit card card or the information on it is stolen or copied without your authorization to access your accounts and steal money or make fraudulent purchases in stores or online.
Ways your card or card info is stolen.
- Tampering with debit card readers to capture the information stored on the magnetic strip at the back of your card when you swipe your card for making payments
- Stealing your wallet
How to protect yourself.
- Never share your credit or debit PIN
Share personal information only when you are sure you know who you are talking to and there is good reason to provide it and give your card details only to websites you trust and know to be legitimate
- Make your PIN hard to guess
Choose unique numbers only you would know (and never use your date of birth)
- Treat cards like cash
Keep them safe and make sure you never lose sight of them
- Shield your passcode with your hand or body
Safeguard your PIN when using the automated teller machine (ATM) or in-store payments. If a machine looks like it’s been tampered with, don’t use it and alert the vendor
- Check statements regularly
Always report unauthorized or suspicious transactions to your financial institution immediately. Monitor your account activity by using our online banking or mobile app.
- Notify Vancity immediately
If you think you may have been a victim of card skimming or another kind of credit or debit card fraud, contact the Member Services Centre at 604-877-7000 or toll free at 1-888-Vancity (826-2489), or your branch immediately
Report an incident
Interac e-Transfer interception.
Interac e-Transfers can be intercepted and the funds diverted to another financial account, if fraudster gain access to your device or correctly guess the answer to your security question.
Your personal data and money can also be stolen online by tricking you into installing malware and viruses, social engineering and by intercepting communication between users and banking apps by accessing login credentials through eavesdropping or insecure public Wi-Fi networks.
Think CALM before you act.
Regardless of the type of fraud or scam, answer these questions every time you come across an email, text or phone call from an unknown source.
Context
Is this message unusual or surprising, given the typical procedures or topics? Do you often get these kinds of requests from this person?
Address
Is the email address truly accurate? Do a double check.
Language
Is the sender using their typical language and familiar style of speaking? What about typos or confusing wording?
Malware
Is this message trying to make me take an action that could infect my device with malicious software? (e.g. click a link or open an attachment)
Protection against online fraud.
- Never respond to a phishing email or text message. Delete it and report it immediately to the company being faked or “spoofed.” Do not reply to any email or text that requests your personal banking information from Vancity as we never ask for these details over email, text or phone
- Never enter personal or financial information into pop-up windows. Simply close the pop-up windows by clicking the X in the top right corner of the window (a "cancel" button may not work as you'd expect)
- When looking for Vancity’s website, always type in vancity.com instead of searching Vancity’s website on the internet or logging in using a link sent through email, text, or social media except from Vancity’s official social handles
- Ignore messages displayed on your computer advising your computer has been “hacked”. Contact Vancity directly instead
- Keep your PAC (Personal Access Code) secure – do not make is easy to guess, write it down, share with anyone or save on any device
Protection against mobile fraud.
- Always protect your smartphones and tablets with a password when not in use. Many newer mobile devices come with built-in password protection to lock your device if it is ever lost or stolen. You must enable this and set the device to lock within the shortest time-out period, to help protect you if it’s lost or stolen.
- Never store confidential personal information on your mobile device.
- Disable Bluetooth when not in use. Although Bluetooth may make it easier (and safer) to talk at times, hackers can take advantage of an always-on setting.
- Use updated antivirus software, encryption and firewalls whenever possible to protect against viruses and online hazards
- Think twice or more before you download an application. Read the the privacy policy so you know what data an app can access.
Protect your Interac e-Transfers.
- Creating a security question unique that only you and the recipient would know
- Double checking to ensure the phone number and/or email address of the recipient is correct
- Only sending Interac e-Transfers with recipients you know and trust
Report an incident
Mortgage and title fraud.
In mortgage fraud, an individual intentionally provides inaccurate, fraudulent, or incomplete information to a lender to secure a mortgage they might not otherwise be granted like:
- Claiming to have a higher income than earned or
- Providing a falsified appraisal of the property
In title fraud, the impersonator assumes the identity of an individual homeowner and then uses that false identity to pose as the homeowner, assuming the title on the home and sell the property or obtaining a mortgage on that property or other properties in the homeowner’s name.
How to protect yourself.
- Conduct a property search with your province land registry office every time you buy or sell a home to ensure that the title to your home is in your name
- Get title insurance
- Protect your personal information from identity theft
- Review your credit report regularly to find out if someone has opened unauthorized financial accounts in your name. You can request free copies of your credit report from credit reporting agencies (Equifax Canada and TransUnion Canada) by mail. Or request online versions of the reports for a small fee
Report an incident
How Vancity protects you.
Our security team works constantly to protect you from fraud, ensuring that security measures are being enhanced and technology is being upgraded.
We also work closely with police and industry partners in investigations to help catch the criminals that commit fraud against our members and credit union.
Was this helpful?
