Skip to main content

Fraud Prevention

How to spot a scam

As technology innovation increases, so do the risks of becoming a victim of fraud. Identity thieves and hackers are always looking for new opportunities and target everyone. All a fraudster requires is access to a few pieces of information for an individual to become a victim of financial loss or have their identity stolen.

It’s not always easy to determine what is a scam or fraud – recognizing the signs and taking proper precautions when volunteering your personal or financial information is key to being safe. Click on the tabs below to learn more about each scam and how to protect yourself from it.

If you suspect fraudulent activity on your account(s) for WFCU and its divisions, please contact our Member Contact Centre immediately at 519-974-3100 or toll-free at 1-866-500-WFCU (9328).

Card Fraud

Never loan your card or share your Personal Identification Number (PIN) with anyone.
Choose a PIN that would be hard to guess, and don’t write it down or store it in an obvious place.

Report all lost or stolen cards immediately.
You will be provided with a new card.

Always be cautious regarding sensitive information.
If you receive a phone call asking for your card number and information, do not provide your card details unless you know and trust the caller.

Online purchases should only be made with reputable retailers who have secure websites.
The website address should start with https:// – the “s’’ indicates it’s secure.

Don’t insert your card into a machine or terminal that has parts that wiggle, are damaged, or look out of place. These signs could indicate the machine has a card skimmer attached.

Ensure you review your member account statement.
It’s a good idea to review your statement at least once a month and report any discrepancies immediately.

Cheque Fraud

What is cheque fraud?

With the advancement of computer technology, criminals can manipulate cheques in such a way as to deceive innocent victims.

A significant amount of cheque fraud is due to counterfeiting through desktop publishing (graphic manipulation) to create or duplicate an actual financial document, as well as chemical alteration, which consists of removing some or all of the information and manipulating the cheque to the benefit of the criminal. Victims include financial institutions, businesses who accept and issue cheques, and the consumer. In most cases, these crimes begin with the theft of a financial document. It can be perpetrated as easily as someone stealing a blank cheque from your home or vehicle during a burglary, searching for a cancelled or old cheque in the garbage, or stealing a cheque from the mailbox.

Cheque Fraud Tips:

  • Ensure your cheques are endorsed by your financial institution and incorporate security features that help combat counterfeiting and alteration.
  • Store your cheques, deposit slips, bank statements, and cancelled cheques in a secure and locked location. Never leave your cheque book in your vehicle or out in the open.
  • Reconcile your bank statement within 30 days of receipt in order to detect any irregularities. Otherwise, you may become liable for any losses due to cheque fraud.
  • Never give your account number to people you do not know, especially over the telephone. Be particularly aware of unsolicited phone sales. Fraud artists can use your account without your authorization and you may end up being responsible.
  • When you receive your cheque order, make sure none of the cheques are missing. Report missing cheques to your bank at once. Should you fail to receive your order by mail, alert your bank.
  • If someone pays you with a cashier’s cheque, have them accompany you to the bank to cash it. If at all possible, only accept a cheque during normal business hours so you can verify whether it is legitimate. Make sure you obtain identification information from the individual.
  • Limit the amount of personal information on your cheque. For example, do not include your SIN, driver’s license, or telephone numbers on your cheque. A criminal can use this information to literally steal your identity by applying for a credit card or loan in your name, or even opening a new chequing account.
  • Don’t leave blank spaces on the payee and amount lines.
  • Don’t write your credit card number on the cheque.
  • Use your own pre-printed deposit slips, and make sure the account number on your slip is correct. Thieves occasionally alter deposit slips in the hope you won’t notice and the money goes into their account.
  • Don’t make a cheque payable to cash. If lost or stolen, the cheque can be cashed by anyone.

If you’re a business, use Payee Match regularly to manage cheque clearing and detect potential fraudulent activity.  

Counterfeit Fraud

Counterfeit money has been around almost as long as currency itself. So how can you help protect yourself against receiving fraudulent money? Here are a few things you should know.

How to tell if a bill is counterfeit?

There are numerous ways one can detect counterfeit money, but some of the easiest ways to identify if a bill is counterfeit include:

  • Most Canadian bills have raised ink on them in a few places including the large number on the bill, the four portraits, and the word ‘Canada’.
  • Look at the bill from various angles – you should be able to see colours changing in some areas, like the metallic symbols and images.
  • Flip the bill over and look through the transparent window – you should see the same image that is on the front of the bill.

To learn more about the security features of Canadian bills click here.

Don’t take offence

Checking monetary bills helps protect everyone. Don’t be alarmed or offended if a cashier, clerk, or bank teller examines your bills. By checking for counterfeit bills, it helps keep them out of circulation and out of your pockets.

If you think you are in possession of counterfeit bills, take them to your local police department. The police will inspect them for you to determine if they are counterfeit or not. If the bills are real, you will get them back.

Emergency or Grandparent Scam

Emergency scams often target grandparents and play upon their emotions to rob them of their money. A grandparent receives a phone call from a scammer claiming to be one of his or her grandchildren. Callers go on to say that they are in some kind of trouble (e.g., car accident, jail, issues in a foreign country) and need money immediately.

How to spot the scam:

  • Always call the child’s parents or friends to verify the story.
  • Ask the caller questions that only your loved one would be able to answer.
  • Never send money to someone you don’t know and trust. Verify the caller’s identity before you take any action.
  • Don’t give out any personal information to the caller and ask yourself, “does the caller’s story make sense?”

Interac e-Transfer® Fraud

Interac e-Transfer is a quick and secure way to send, receive, and request money when you know the proper security measures to follow. Fraudsters are coming up with new, more elaborate ways to scam you for your hard-earned money, and one of those ways is through intercepted Interac e-Transfers.

What is an Intercepted Interac e-Transfer?

An intercepted Interac e-Transfer occurs when the money you send, or were to receive, gets seized and deposited into a fraudster’s account before you or the intended recipient has a chance to receive it. The intercept is not caused by lack of security measures or vulnerability with Interac e-Transfer or WFCU Credit Union, but rather is a result of the intended recipient’s email account being hacked. Once a fraudster has access to the recipient’s email account, they are able to view the notifications from Interac and use the deposit link to redirect funds to their fraudulent account by answering the security question which many people often provide within the message of their Interac e-Transfer® or by email to the recipient.

Protect yourself with these tips:

  • Do not put the answer to the security question in the message box or provide the answer of the security question to the intended recipient using email or text. Call the recipient to provide the answer.
  • Select a question and answer that is not easy for a third party to guess and cannot easily be found on social media. If the notification is intercepted, it will be harder for a criminal to answer and steal the funds.
  • Register for Autodeposit. Having funds automatically deposited into your account removes the risk of a criminal intercepting the deposit email.
  • Be cautious. Don’t open emails or click on links that seem suspicious.
  • Notify your financial institution immediately if you sense anything fraudulent about a transaction.

To learn more visit interac.ca.

Investment Fraud

Be careful of investment opportunities that offer abnormally high returns. You should exercise extreme caution when presented with an opportunity to make a large amount of money without assuming any risk. Never commit to anything at high pressure meetings or seminars; these aggressive sales techniques are used by scammers to try and force you into making quick and uneducated decisions.

Don’t make any decisions without doing your homework. Research the offer being made and seek independent advice before making a decision. Conduct background research on the person or company that is providing you with the investment opportunity. Remember, if it sounds too good to be true, it usually is.

Lottery Scam

You cannot win money or a prize in a lottery unless you have entered it yourself, or someone else has entered it on your behalf. Many lottery scams try to trick you into sending large amounts of money to claim fake prizes. Remember, legitimate lotteries do not require you to pay a fee or tax to collect your winnings. Never send money or provide banking details to anybody you don’t know and trust.

Don’t be fooled by claims that the offer is legal or has government approval – many scammers will tell you this. Examine all of the terms and conditions of any offer very carefully. Claims of free or very cheap offers often have hidden costs.

Microsoft Support or Vishing Scam

Vishing is voice phishing and uses telephone communication in an attempt to trick you into providing your personal information. Through vishing, fraudsters will pose as a representative of a legitimate company. Your caller ID may even display the actual company name and phone number of the company they are falsely representing.

If you receive an unsolicited telephone call from someone claiming to be from WFCU Credit Union and its divisions, know that we will never ask you to disclose your PIN or passwords over the telephone. We will also never ask you to withdraw money or perform any financial transaction through an unknown web address, for any reason.

WFCU Credit Union and its divisions will call you about unusual activity on your account or in response to a request you initiated. We may also call you periodically about new products, services, or events you may be interested in. To ensure that we are speaking with the correct person, we will ask you to answer basic questions at the start of the call in order to verify your identity.

If for any reason you feel that the questions being asked of you are inappropriate, we recommend that you end the call and contact WFCU Credit Union and its divisions at 519-974-WFCU to verify the legitimacy of the call.

Money Transfer Fraud

This increasingly common scam targets your business and can cause significant financial loss. Criminals use this scam to trick employees into electronically transferring large sums of money to fraudulent accounts. Variations of this scam include:

Criminals compromise or imitate the email account of a manager or employee of the company.
The criminals use this hijacked or imitated email account to direct staff to wire transfer money to an unknowingly fraudulent account.

Creating fraudulent invoices that appear to be from your business’ usual and legitimate vendors/suppliers.
These fake invoice requests will ask for the wire transfer payment to be sent to an alternative account which actually belongs to the criminals.

Actions you can take:

Require all staff to verbally confirm all wire transfer requests.
Encourage this practice even if the request appears to originate from a higher-level staff member or manager.

Confirm anything suspicious.
Call vendors and suppliers to confirm the legitimacy of invoices that require payment by wire transfer, especially if a new account number is requested. Make sure staff call the phone number from your file, not from the invoice provided.

One Ring Scam

With the “One Ring” scam, fraudsters call and hang up after one ring without leaving a voicemail message. The premise is to lure individuals to immediately call the number back.

In doing so, victims are calling back a suspect number that is subject to hefty fees.  There have been cases reported where callers are charged up to $400/minute.

Once the call is connected, the fraudster has set up automatic voice prompts (e.g., Press 1 for English) that are intended to maximize the duration of the call.

In most cases, local telecomm providers will hold you responsible for making full payment on these calls.

The current influx of “One Ring” scam calls are coming from numbers starting with 370 (Lithuania) or 212 (Morocco) however other international locations have also been cited.

In the event that you notice a missed call from an unknown number and no voicemail message has been left, be cautious in returning the call; especially when the number resides outside of Canada.

If you happen to answer an inbound call from an unknown number that originates from outside of Canada and you are immediately greeted by an automated prompt, terminate the call immediately by hanging up.

Online Gaming Fraud

With many members working or spending more time at home, they are interested in finding new ways to pass the time. Online gaming may seem like a harmless way to have some fun, and it can be, as long as you remain vigilant to potential fraud.

Please note that it is illegal for online gaming sites or hosts to request money to participate in any sort of gaming activity or for you to pay to participate in any online gaming. Online gaming can include games of chance, bingo, raffles, poker, squares, etc., and must be run through the Ontario Lottery and Gaming Corporation (OLG). It is important that members do not send funds to or participate in games run through social media sites that are not properly licensed.

If you are asked to pay to play, think twice – make sure the host holds or displays a valid license!

Online Shopping Scams

Criminals create fake online stores that mimic the look of real sites or use the names of well-known stores or brands. When you search for the best online deals, you may find yourself at one of these fake sites. By purchasing from such websites, you can end up with counterfeit or stolen items, or your purchases might never be delivered.

Beware of scammers on legitimate websites.
Additionally, large, online stores often offer products sold by different individuals or companies that might have fraudulent intentions. Everybody loves a great deal, but shocking offers, unbelievable discounts, and unreal rates may signal that the offer isn’t quite what it seems.

Watch out for fake advertisements posing as legitimate brands.
Fraudsters recognize that consumers spend a lot of time on social media and will post ads for free trials, or discounted merchandise. They may also use the names and photos of well-known individuals or companies to fake endorsements of their products.

Overpayment Scam

If you or your business is selling products or services online, you might be targeted by an overpayment scam.

A potential buyer sends you payment that is more than the agreed upon amount. The buyer will then ask you to refund the excess amount by money transfer. This buyer is likely a scammer and is hoping that you will transfer the refund before you discover that their cheque or money order was counterfeit. You will lose the transferred money as well as the item if you have already sent it.

Don’t accept a cheque or money order for payment for goods that is more than what you agreed upon. Send it back and ask the buyer to send you payment for the agreed amount before you deliver the goods or services.

Port-Out Fraud

Fraudsters are hijacking mobile phone numbers and they aren’t doing it to make long-distance calls at your expense. They’re doing it because they know that having your mobile phone number gives them an opportunity to assume your identity.

How does it work?

Mobile phone numbers can be legally ported from one mobile phone provider to another if you switch your provider. To combat against this, mobile phone providers have put defences in place, such as asking customers to set up a PIN or password they must provide when inquiring about their account. However, if a fraudster can get a hold of enough of your personal information, such as your name, address, date of birth, social insurance number, or passwords, then they can steal your phone number, hijack your account, and take your identity along with it. To complete a port-out fraud, fraudsters first con the victim’s mobile phone provider into believing the request is from the actual account holder. If successful, your mobile phone number is ported to a different mobile device or account set up by the fraudster. Once receiving your texts and calls, the fraudster will attempt to reset the passwords and access authorizations for as many of your financial and social media accounts as possible. Once the fraudster has access, they can drain your bank accounts, sell your information on the dark web, or ask you to pay them to get your accounts back.

How can you protect yourself?

  • Set up a PIN or password that is required to confirm your identity each time you call your mobile phone provider to inquire about your account.
  • Enable text and email notifications for all your accounts including financial and mobile devices.
  • Do not provide your personal information to anyone that calls or texts asking for it. If the individual asking for your personal information claims to be from a business you are familiar with, hang up and call that business back using the phone number provided on their website or bills to ensure the request is legitimate.
  • Protect information that could be used to verify your identity and keep this information off of social media. This information could include the last four digits of your social insurance number, your phone number, your date of birth, the make and model of your first car, your pet’s name, or your mother’s maiden name.

What to do if you think you’re a victim of port-out fraud?

If you believe you have fallen victim to a port-out fraud, you should immediately:

  • Contact your mobile phone provider;
  • contact your financial institution;
  • contact the police to file a report; and
  • place a fraud alert on your credit reports and register for credit monitoring.

Phishing and Pharming Email Scams

A common way for internet scammers to obtain your personal information is through a method called phishing. Usernames, passwords, banking information, and credit card details are phished through email or instant messaging. Phishing works by sending communications, which appear to be from your financial institution, where you are asked to log in to your online banking to verify account information. The fake email instructs you to click on a link that takes you to a non-legitimate version of your online banking site – one that is largely indistinguishable from the legitimate site – where you’ll be asked to enter your credentials. Once bad actors obtain these credentials, they can then be used for identity theft.

Tell-tale signs of phishing emails include:

  • Poor spelling or grammar
  • Alarmist content, warning that your account will be closed if you don’t provide your banking or personal details immediately
  • Notices that you’ve won a prize and are required to pay a fee in order to claim it

Never provide personal details or any account details in an email. Electronic messaging is not a secure form of communication. If you receive a message that you are unsure about, please contact us.

Pharming

Another way for hackers to get their hands on your personal details is by pharming them. Pharming occurs when hackers use a malicious code on your computer which compromises your host file and redirects you to fake websites. The malware hides the fraudulent URL, cloaking it in the legitimate one that appears in your browser. With pharming, the dishonest redirection of URLs happens even when you type correct URLs directly into your browser, making you think that you’re on the correct website when you are not. Once there, you are asked to enter your online banking credentials or account information, which hackers take and use for criminal activity.

How to Avoid Phishing and Pharming Scams

  • Never use a link provided in an email to access your online banking.
  • Do not open emails or email attachments from unknown sources.
  • Always type your financial institution’s website address directly into your browser and remember to look for confirmation that you are browsing securely. The letter “s” in ‘https’ indicates you are navigating in a secure site, in comparison to the open and unprotected ‘http’ URLs.
  • Don’t feel panicked when phishing emails caution of immediate account closures if your banking details cannot be verified.
  • Don’t believe emails warning that your account has been compromised or that you’ll miss out on a great deal if you fail to act immediately.
  • If you are concerned, call our Member Contact Centre or visit one of our branch locations.

Romance Scam

  • Some illegitimate dating websites make you pay for each email or message. Scammers will send vague-sounding emails filled with love and desire to keep you writing back.
  • Scammers will try to build a relationship with you and exploit your compassionate side. They ask for money to help a sick family member, deal with a personal emergency, or to pay for travel expenses to visit you – and then they disappear.
  • Check website addresses carefully. Scammers often set up fake websites with similar addresses to legitimate sites.
  • Never send money, or give credit card or online account details to anyone you don’t know and trust.
  • Ask yourself, “Would someone I have never met really declare their love for me after only a few letters or emails?”
  • Always talk to a trusted loved one before you send money to people you have met online.

SMShing

SMS phishing is when cybercriminals send Short Message Service (SMS) text messages that are designed to steal personal or financial information from you, whether by pretending to be a reputable site, or getting you to download malware onto your phone. They could also try to trick you into giving them the login to your Apple account, if you’ve got one, which would then provide them with your personal data.

Types of SMS phishing scams:

Competitions

  • You may receive a text message inviting you to join a competition. What seems like an SMS from a reputable company may really be from a cybercriminal. You’ll usually be asked to enter personal information in order to join the contest or collect your prize. The information is then collected by the fraudsters.

Verifying credit card transactions

  • Cyber criminals can pretend to be credit card providers in order to send fake text messages. These SMS messages may ask you to confirm a recent transaction. Your reply will help them to confirm your phone number, which they can then use to call you in order to try to scam you.

Expensive texts

Whatever their disguise for getting you to text them back, SMS fraudsters could also be charging you a hefty SMS rate for your reply. You could also be automatically signed up for ongoing charges.

Protect yourself against SMS phishing

  • Don’t reply to SMS messages from numbers that you don’t recognize. If in doubt, get in touch with your mobile phone provider to check if certain numbers charge premium rates.
  • Don’t share your login, personal, or financial details over SMS. Your bank, utility provider, or any other genuine company will never ask for sensitive information via text message.
  • Watch where you input two-factor authentication codes. When you’re signing in to a secured website, it may send a code to your phone via SMS, which you have to enter on the site in addition to your login details. Fraudsters could send you fake SMS messages asking for this code.

Spyware and Scareware Scams

Spyware is exactly what it sounds like – tracking software that is downloaded to your computer (without your knowledge) when you visit certain internet sites. Secretly, it gathers information about you and your browsing habits. This information can be trivial or it can include passwords and personal data that you wouldn’t want criminals to get their hands on. It can also interfere with user controls and disable legitimate anti-virus programs.

The best way to protect your computer against spyware is smart browsing. Stay away from sites that look unsafe and avoid streaming or downloading content from untrustworthy sources. Many anti-virus products offer targeted spyware solutions that inspect your operating system, installed programs, downloads and files.

Scareware

One of the most common viruses to watch out for is known as scareware. These scams pop up on your screen and display alarmist warnings, telling you a virus has invaded your computer. Scareware prompts you to download (and often pay for) fake anti-virus software to remove the non-existent viruses. Scareware is a scam that tries to trick you into paying money in exchange for nothing.

You can protect against scareware by keeping your anti-virus software up-to-date and by being judicious about what you choose to download to your computer. You should also familiarize yourself with the interface of your legitimate anti-virus program, so you won’t be fooled if one of these pop-ups appears.

For more on cybersecurity best practices, the Canadian Credit Union Association has compiled a series of videos available here.