Skip to main content
Online Banking
 
 
 
 
 

Fraud Awarenss Month - Recognize. Reject. Report

March is Fraud Awareness Month.  This month is about helping you spot scams before they catch you off guard.  At Stoughton Credit Union, we want our members to feel confident, safe and in control of their finances.

Fraudsters are creative, persistent, and sometimes very convincing.  Recognizing their tricks, rejecting their demands and reporting suspicious activity can stop them in their tracks. 

 
 
 

Recognize - Know the Signs

The first step in protecting yourself is to recognize the scams.  Fraudsters often use urgency, fear, or fake promises to get you to act fast.

Common Scams to Watch Out For

Phishing Emails & Texts
- Messages that look official but link to fake websites asking for personal information.

Vishing/Voice Scams
- Calls from someone claiming to be a bank, government agency, or tech support.

Romance & Friendship Scams
- Scammers build trust online, then ask for money or personal info.

Emergency Scams
- These scams pressure you to act immediately. Often claim there's a serious problem with a loved one, your finances or the law.Tech Support Scams
- Calls claming to be from Microsoft, Apple, or your internet provider to "fix" your device.

Social Media Scams
- Impersonated accounts, fake contests, or links that steal your data.

Reject - Protect Yourself

Once you recognize a scam, reject it.  Don't engage, don't click, and don't hand over money or personal information.

Simple ways to protect yourself:

  • Don't click links or open attachments from unknown or unexpected messages.
  • Hang up if someone pressures you for immediate payment or information.
  • Verify the caller or sender by contacting the organization directly - never use contact info they provide.
  • Use strong, unique passwords and enbale multi-factor authenitcation.
  • Consider using services like Lock'N'Block® to protect your cards.
  • Create a special word or phrase that only your family knows.  If someone calls or messages for money- ask for the word. No word? No money!

Report - Take Action

Reporting suspicious activity helps protect you and you community.  Don't feel embarrassed, it happens to the best of us.

Where to report:

  • Canadian Anti-Fraud Centre (CAFC): Report online or toll-free.
  • Local police: For threats, fraud involving money or intimidation.
  • Stoughton Credit Union: Contact us immediately if you suspect fraud affecting your accounts.Reporting isn't just about stopping the scam for yourself.  It can help prevent others from being victims too.
 
Phishing

Phishing refers to any message that has been deliberately faked to make it look like it’s from an authentic sender. Phishing is one of the most common type of cyber attacks because it can take so many different forms, such as emails, phone calls, and text messages.  Phishing attacks can be quite sophisticated and convincing, so it's important to be cautious when opening emails or messages from unknown senders. Always double-check the sender's email address and avoid clicking on any suspicious links or attachments.
There are a few different forms of phishing, you can read about them all below.
Smishing is a type of phishing scam that involves fraudulent text messages sent to deceive individuals into providing sensitive information or clicking on malicious links. Stay vigilant and never share personal information through text messages to protect yourself from smishing attacks.

example:  
  • Bank Fraud Alerts: These messages appear to come from the victim’s bank, warning about unauthorized transactions or suspicious activities. The user is then prompted to click on a link to verify their transactions or call a number, both controlled by the attacker.
  • Service Cancellation: The attacker warns the victim that a subscription or service (like a streaming service or software subscription) is about to be canceled due to a payment issue. They’re urged to click on a link to “resolve” the issue, which usually leads to a phishing page.
Spear phishing is a targeted form of phishing where cybercriminals send personalized emails or messages to trick individuals into revealing sensitive information or performing actions like clicking on malicious links or attachments. It's like a digital con artist using tailored tactics to deceive specific targets.

Spear phishing could look like:

  • An email from the accounting department at your work asking you to provide an invoice.
  • An email from your boss asking you to send your banking information for direct deposits of your paycheque.
  • An email from a friend that contains a suspicious link or attachment about your favourite music or sports team.
Spoofing is a deceitful practice where someone or something masquerades as someone else to gain trust or access to information. In the context of cybersecurity, spoofing commonly refers to the act of falsifying data to appear as a trustworthy source in order to deceive individuals or systems.

example:  A scammer may send you an email from an address that resembles a colleague, friend or trusted company. At first glance, the email may seem real, but the scammer is hoping that you click on a link , open an attachment, or give up personal information.
Vishing is a type of scam where fraudsters use voice calls to deceive individuals into providing personal or financial information. It's like phishing, but over the phone. Be cautious and never share sensitive information over calls you didn't initiate.

examples:  A family member, often claiming to need urgent help, to try and trick their target into sending money or sensitive information.

Vishers will impersonate government or law enforcement agencies by using threatening language or offering refunds, like a tax refund from the CRA, to trick their victims into offering up personal information.
Whaling is a fraudulent practice where cybercriminals target high-profile individuals within organizations, such as executives or senior staff, to deceive them into providing sensitive information or access to company systems. This type of cyber attack aims to steal valuable data, compromise networks, or carry out financial fraud.

An example of this would be someone requesting payroll information about current and past employees 
 

Extra Tips from Stoughton Credit Union

  • Regularly check account statements and set up mobile or email alerts.
  • Never share full passwords, PINs, or security codes with anyone.
  • If something feels "off", it probably is.  Trust your instincts.
  • Don't be fooled! Fraudsters will often provide the frist 4-6 numbers of your debit or credit card which is also known as the Bank Identifier Number (BIN).  Most cards with specific financial institutions begin with the same numbers and fraudsters use this as an attempt to convince you that they are legitmate.
  • The government won't send you a refund via email or text message.  
  • If you have been a victim of fraud in the past, there is a very good chance you will be targeted again.

Autodeposit is an Interac e-Transfer® feature that allows users to register to have incoming Interac e-Transfer® funds deposited into their account.  

Benefits:

  • Get funds deposited right into your account.
  • No security questions or passwords required.
  • Safe and easy way to secure your transaction (ie. more difficult for a fraudster to intercept your message)

How to set up Autodeposit:

  1. Login to your Mobile App or Online Banking
  2. Go to your Interac e-Transfer® section and select 'settings'
  3. Register your email address link the account for deposits.
  4. Confirm registration in the confirmation email.


Note:  e-Transfers sent via phone number will not autodeposit to your account.  They must be sent to your email address.  You may add addtional email addresses and bank accounts for Autodeposit.

Passwords play a crucial role in our life. Daily, we use passwords to authenticate access to various systems and services, whether at work or home. To safeguard against fraud and data breaches, here are some useful tips for creating secure passwords and protecting your information:

  • Create unique passwords for every online account.
  • Use combination passphrases that are easy for you to remember but hard for others to guess
  • Set up MFA such as a SMS alert that notifies you if your accounts have been access, used or changed.
  • Use a Password Manager, a program that securely stores all your passwords in an encrypted vault.
  • Use alternatives to passwords such as biometric logins (finger or facial recognition)
  • Avoid using simple passwords.
  • Never use your name, birth date, or other personal information.
  • Avoid entering passwords when connected to unsecure Wi-Fi connections (like a coffee shop or airport).
  • Avoid entering passwords on computers you don't control.

At SCU your passcode must consist of 9-30 characters and have a combination of letters, symbols and numbers.  The only acceptable characters are @ # $ - ! |

Passcodes expire after 365 days.  You will not receive a warning prior to it expiring but will be promted to change when needed.

Transaction Alerts are notifications sent to you via email or text message whenever there is activity on your account, such as deposits, withdrawals or changes to your account. These alerts help you stay informed about your finances in real-time, allowing you to monitor your account for any unauthorized or unusual transactions quickly. By receiving these alerts, you can detect potential fraud early, manage your budget more effectively, and have peace of mind knowing that your financial activities are being monitored closely.

Alert options with Stoughton Credit Union Online Banking/Mobile App

  • Security Alerts (New Payee Added, Personal Access Code (PAC) changed, and Online Banking Account Locked out, Online Login)
  • Balance and Activity Alerts (Low Balance, Deposit and Withdrawal)
  • Payment Alerts (Insufficient Funds, Scheduled Payment Failed, and Scheduled Transfer Failed)

How to Add Alerts
1.  Login to your Online Banking or Mobile App.
2.  Navigate to the Alerts section.
3.  Add your Contact info.
4.  Select the Alerts you'd like to receive.

Lock’N’Block® is quick, easy, and convenient – whether your card has been lost or stolen, you can rely on Lock’N’Block to protect you from fraud with the click of a button.

How it works

  • Login to your account via Online Banking or Mobile App.
  • Mobile App: Click on the Lock'N'Block® icon  Onling Banking: Navigate to 'Account Services' and select Lock'N'Block®.
  • Select the card and toggle 'on' or 'off' the required option.
  • That’s it!


 
 
 
 
 
 
 
 

Stoughton Branch: (306) 457-2443
Kisbey Branch: (306) 462-2220
Text: (306) 802 4487
Email: info@stoughtoncu.com

 
Find a Branch/ATM  
Legal   
Privacy 
Help Guide  
Credit Union Deposit Guarantee  
Report Lost/Stolen Card
 
 
 

Leave us a Google review

Google Pay and Google Wallet are trademarks of Google LLC.