12 tips on how to avoid, detect and report phishing scams 

Phishing is one of the most common types of fraud. It involves pretending to be a financial institution or other well-known organization to trick someone into giving away their money or confidential information. Scammers contact a large number of people by email, text, phone and even social media in the hopes of hooking just a few. And now they’re increasingly using artificial intelligence (AI) to refine their tactics. Read on to find out how you can protect yourself from taking the bait.

You run the risk of installing malware on your device without even knowing—just by clicking a link, image or file or downloading content. Links can send you to fake sites designed to collect your banking information, password and other valuable information.

If you get a suspicious message or you’re not sure about the sender, just don’t click.

Scammers have more than just fraudulent links in their bag of tricks. Nowadays, they also use QR codes, those square bar codes you can scan with your smartphone. Scammers add them to their phishing emails or post them in public spaces. Once scanned, fake QR codes can redirect you to sites that mimic legitimate sites, or even install malware on your device. 

Before scanning a QR code, make sure it comes from a reliable source.

Phishing isn’t always about stealing your money. Sometimes scammers want your password so they can get into your accounts with financial institutions, social media and online retailers, for example. Then they use your personal and financial information to open a fraudulent account or apply for a loan.

Be careful if someone asks you for this kind of information, especially if you’re not the one who started the conversation. Before you tell anyone anything, always make sure they really are who they say they are.

• Choose strong passwords External link.. Think of a password that no one can guess, not even your family or friends. Use at least          12 characters including upper and lower case letters, numbers and special characters. Choose a different password for every account. Use a password manager to keep track of all your passwords. That way, you only have one password to remember!
• Keep your devices and software up to date and use antivirus software.

• Turn on the 2-step verification External link.. With 2-step verification, you'll be asked to enter your password and then a single-use code that's sent to you by email or text. Turn on the 2-step verification whenever you have the option to boost the security on your account.

This is an easy way to prevent your banking account password and debit or credit card PIN from falling into the wrong hands. If you share this information with other people, you can be held responsible for all the transactions in your account—even fraudulent ones.

It may seem like no big deal to share your birthday, where you live or work, or where you went on your last vacation. But when you give scammers access to this kind of information, they can use it to personalize their approach and use AI to make their messages even more convincing. For example, AI can analyze the information from your social media accounts to create phishing messages that refer to specific details about your life, like your work, hobbies and interests.

The information you share on social media can also be used by scammers for psychological manipulation (also known as social engineering).

This particular technique involves pretending to be someone the victim trusts and getting them to share information. For example, while you’re away on vacation, scammers could steal your identity and try to trick friends and family into sending them money by pretending you’re in trouble.

A lot of scams involve some kind of unexpected situation or problem that requires you to act fast, without thinking things through. For example, scammers might ask you to update your personal information or risk having your accounts frozen or closed. Or you might be told that you have to pay a fee because a package for you has been held at the border.

Check what's going on by calling the person or company directly. Don't use the contact information in the message you receive: go online and find the official number yourself.

It’s pretty unlikely that you won a contest you never entered or that a company issued you a credit without you ever asking for it. Similarly, you’ll never get your government benefits or tax refund by Interac e-Transfer®. If someone is offering free cash that you haven’t even asked for, you should hear alarm bells ringing.

Consider whether someone you know would really send you a vague message saying “Is it you in this video?!” and asking you to click a link or open an attachment. It’s much more likely that their account or email was hacked and that cybercriminals are trying to use your curiosity to their advantage.

You should also question any content in which celebrities promote miracle products or make sensational claims. This could be content created using AI that can edit or create any kind of image, sound or video for the purpose of misleading you.

Pay attention to how the people in these videos move their lips or their bodies. Are their sentences disjointed? Or just plain weird? These are all telltale signs of AI-generated content. To identify AI-generated photos, keep an eye out for clues like a lack of detail, unrealistic textures and wonky physical features.

Oops, you clicked the link? Whether or not you provided any personal or confidential information, here's what you need to do:

Forward the email or text message to protection@desjardins.com so we can inspect it. However, we won't reply to your message. Don’t do anything else with the suspicious message: Just delete it.

If you have provided personal or confidential information, notify the following organizations to increase security for your account and prevent scammers from opening fraudulent loan or credit card accounts in your name:

• Your financial institution and any other financial partners

• Credit bureaus Equifax External link. and TransUnion External link.

• The Canadian Anti-Fraud Centre

Change your passwords right away so that scammers don’t do it first and lock you out of your accounts. Use a different device than the one that may have been hacked. 

Check for malware or unusual software on the device you were using during the phishing attempt. One way to do this is by running your antivirus software. This step will help prevent scammers from spying on your actions or stealing your new login information.

Scammers use different means of communication and a wide range of scenarios to try to get your money and personal information. Be careful, stay on top of the latest scams and fraud, and if something happens, act quickly to protect your identity.

Regularly check your banking and credit card accounts for suspicious transactions.

You should also periodically check your Equifax or TransUnion credit file in the Credit report section on AccèsD.

What’s more, you can turn on credit monitoring and get email alerts by entering our email address in the My Profile section of the TransUnion CreditView® Dashboard.