Phishing Season is open for business.
These days, we tend to be over saturated by technology making us easy targets for scammers. Daily we’re pummeled with ads from Facebook, Twitter, Instagram, and YouTube. This, compiled with the mountain of junk mail we get daily and the bad habit we’ve developed of mostly only reading subject headings creates the perfect storm. And scammers, they thrive in conflict, intentionally hoping your panic will result in a win for them.
So how do we escape this constant battle of possibly giving away our livelihoods? Follow these tips to protect yourself, because phishing season is open for business and it’s not just a season – it’s every day.
Seven ways to stick it to the scammers
1. Avoid clicking on text message links from Financial Institutions.
Never click on a link in a text from a financial institution instructing you to change your online banking password. We have a risk management team dedicated to protecting you from fraud; if your banking password becomes compromised, our team will call you to come in so we can help you change all your passwords and PINs.
2. Don’t click on unexpected links in emails.
The only email we send you is the one you’re expecting. Don’t click on links in emails either if you’re not expecting it.
Scenario 1: We send you an email letting you know your statement is ready to view: Expected, you signed up for eStatements and notifications (even if it was ages ago).
Scenario 2: We email your loan documents after an appointment: Expected, you just met with us to discuss the loan (and our security measures include encryption and secure platforms like e-sign).
Scenario 3: Out of the blue, you get an email letting you know your online banking was hacked and you need to change your password: Unexpected and therefore a phishing scam.
*Please note that phishing attempts can be successful and if your account is hacked, our risk management department would notify you via a phone call (after ensuring you have the correct contact information of course).
3. Understand how URL’s work.
When it comes to scamming, there’s one trend that is common and that’s the fact that most online scams use a URL. Understanding how a URL works and how scammers can use it to defraud you is key.
*A protocol encrypts the website, protects against eavesdropping and man-in-the-middle attacks.
**A domain name locates an organization or other entity on the internet.
Scammers will try to change the domain name and make it look as close as possible to the original in order to get you to log into a fake website with credentials that they then steal and proceed to use in future.
Scenario 1: www.lntegriscu.ca – that’s not a capital ‘i’, it’s an L hiding in plain sight and it’s fake, fake, fake.
Scenario 2: my.integri5cu.ca – the 5 is a little recognizable, however, sometime numbers can be used instead of letters and at a quick glance, it’s not immediately recognizable.
Scenario 3: www.integriscu.com, or .org, or .uk – that’s not us. We’re .ca all the way.
Scenario 4: www.integriscu.ca – seems legit, but really there’s a masked URL underneath that links to a fraudulent website and it could use some of the scenario tricks listed above. To discover if a link is masked, hold your cursor over the URL and wait for the text box to disclose the actual URL address.
4. Set a complex password. Please.
Your PAC must be 6 to 8 characters long and may contain any combination of letters (upper or lower case), numbers, special characters such as # % !, etc. but no space. Don’t let fraudsters (or family/friends) guess your password. If you give out your password, you forfeit your protection from our security guarantee. Read more about online banking security measures.
5. View your statement and log into online banking on a regular basis.
We don’t tell you this so you have extra work to do. We tell you this because if your account has been hacked, there is a thirty day verification / grace period for reporting fraud. If, months down the road you realize that you were hacked in the summer of ’69, there’s very little we can do to get your money back from the criminals who took it.
6. Set up alerts!
We get it – app notifications are annoying, and who needs just one more message telling them they just added a new bill payment vendor in their online banking or sent an eTransfer – but what if it wasn’t you who added the vendor, what if it wasn’t you who eTransfered your money away? Isn’t it better to be slightly annoyed and know you’re protected, than to open your app one day and wonder where all your money went? So alerts … you should do that.
7. Be aware of your responsibilities.
As a person with a bank account and unlimited access to the internet from almost every electronic device except your microwave, there are certain things you are responsible for. Maintaining up to date anti-virus and anti-spyware protection software is one of those things members are responsible for. If you do not maintain up to date protection software and are the victim of an online scam you may not be covered under our security guarantee.
Security not always guaranteed.
Our security guarantee is in place to stand behind the quality and safety of our Online and Mobile banking systems. It is not there to protect you against all risks of fraud. You have an obligation to take reasonable steps to protect your interests, like protecting access to your devices and sensitive banking information. You should be aware of and review the Direct Services Agreement carefully to understand what risks are allocated to you, the risks that are covered by our security guarantee, and the responsibilities that you must fulfill to get the full benefit of our security guarantee.
We’re here for our friends when they need us.
Our vision at Integris is to enrich the lives of all we serve – this means your online security is incredibly important to us because if compromised, it greatly affects your financial health. If you, or someone you know, feel like you are being targeted by a phishing scam or defrauded in any way, please reach out to us immediately by contacting any of our branches. If you can’t reach us during closed hours, feel free to reach out to us on Facebook messenger (@integriscu) and a representative will get back to you as soon as we can.
FRAUD. RECOGNIZE IT. REPORT IT. STOP IT.
