Security is Everyone's Responsibility
An intercepted e-Transfer occurs when a person sends a legitimate e-Transfer to someone and fraudsters intercept and deposit the funds before the intended recipient has a chance to accept the e-Transfer.
e-Transfers are a crime of opportunity rather than a targeted. Fraudster access the recipient’s email – usually when the recipient has clicked on a phishing email - and sees the e-Transfer notification and re-routes the funds into a different account by answering a weak security question.An e-Transfer can also be intercepted and mistakenly directed to another person if the recipient’s contact details are incorrect.
Red flags an e-Transfer is being Intercepted:
- You receive an email from the recipient stating they are having trouble accepting the e-Transfer
- You are asked to change the security question or provide the answer again via email
- You are asked to change the email recipient address and resend
- You receive an email from the recipient to change or confirm the password or they provide you with a password to use
Tips to Protect Yourself:
- Do not communicate the e-transfer security answer via email (or in the e-transfer security question memo section)
- Choose a security question that is not easily guessed by a third party
- Call or text the recipient if they can not accept the e-Transfer to verify it is them
- Enroll for Autodeposit. When you are registered for this feature, e-Transfers are automatically deposited to your account
- Ensure the recipient’s contact details are correct and up-to-date
- Contact your Financial Institution immediately if you sense something suspicious
So what is an overpayment scam and how does it work?
Fraudsters will pose as a ‘buyer’ and target online ads for high-priced items, such as furniture, vehicles, cell phones, etc. The ‘buyer’ starts by contacting the seller with an offer and then sends them a payment (cheque or money order) for an amount much higher than the price of the item and requests the ‘extra’ money be returned.
For example: The item you are selling is listed for $700 but you receive $1,500 in payment (usually cheque or money order). The fraudster may claim that the extra funds were sent by accident and need to be returned, or that the funds are to cover shipping costs/custom fees. When you, the seller, goes to deposit the payment into your account the fraudster will request you withdraw the ‘extra’ amount and send it back to them or to a specified third party. Later when the payment is processed, it will be discovered that it was fraudulent. The seller won’t receive any of the funds promised for the item they had for sale, and worse yet there’s potential they’ve been tricked into giving away money. |
Red flags to watch out for
- The email you received has bad grammar or looks generic
- You are being pressured to complete the transaction
- The ‘seller’ is in a rush & needs the item immediately
- The ‘seller’ has no issue adding extra funds for shipping or costs
- The ‘seller’ does not live in the same town, province, or country as you & wants to buy the item without seeing it
Tips to Protect Yourself
- The biggest defense is to immediately end a transaction with anyone who overpays you
- Cancel any order requesting a portion of the payment to be refunded
- Never send money to get money
- Wait for the cheque to clear before sending any merchandise in the mail. Or only accept cash, certified cheque, or e-transfer as payment
- Question anything that makes you feel suspicious – especially if it seems too good to be true
- Sell locally! Know who you’re dealing with. Ask questions if the buyer is not local or willing to pay extra for shipping
- Always meet in public, safe place to complete an exchange
1. Be vigilant – a reputable company or organization will never ask for personal information, by email or text. By hovering over the ‘from’ email address, you will see the actual email address. Ignore and delete emails from unknown contacts, as they can carry viruses.
2. Be skeptical – fake emails can look like they came from a real organization. If you have any doubts, don’t use the toll-free number, email address, or website address provided because they may link you to the scammer, use contact information listed on a verified website.
3. Never click on suspicious links or attachments – does the email include an attachment that you weren’t expecting? Phishing emails often include embedded links that look valid. Hover over the link and you can see the real hyperlink. Carefully check if it’s accurate before clicking.
4. Protect your devices – Install anti-spam, anti-spyware and anti-virus software on your home computer and make sure it is kept up to date.
5. If you receive a phishing email – report and delete it. Whether you’ve been scammed or targeted, you should always report it. Authorities may be able to warn others and alert the media to minimize the scam spreading. You should also warn your friends and family.
• Check your financial accounts regularly to confirm you recognize all listed transactions.
• Create unique, complex passwords for all of your secure accounts.
• Sign up for additional account verification and protection methods whenever offered (i.e. a security question or unique login code via phone/text/email).
• Sign up for text/email/phone notifications through your credit union to receive immediate transaction alerts.
• Immediately contact your credit union to report suspicious card activity; if given the option, turn your card off immediately.
• If you receive a phone call or text claiming to be from your credit union and asking for personal or financial information, call your credit union directly to verify the request before providing any info.
• Don’t click or open an attachment if you don’t know the email sender.
• If you receive a suspicious email or attachment from an email sender you know, send a new email to the individual to verify they sent it before opening.
• Do not send or respond to an email where the listed email address redirects you to a different email address when replying.
• Be careful when downloading unfamiliar retailer/shopping apps, as fake apps are created to steal your information, especially during the holidays.
• Be on the lookout for fake charity scams, which ramp up after catastrophes and during the holidays; verify the legitimacy of a charity before contributing to any donation requests from an unknown source.
• Be aware of “sweetheart scams” where a stranger reaches out with a claim of romantic interest, and then eventually asks for your money or financial information.
• Purchase gift cards in store to avoid empty gift card scams.
We take many precautions to protect the online banking environment and ensure your information is safe. Our online services offer you the best security currently available in a commercial environment so that your personal and financial information is protected while in transit between your computer and our server. This is done through the use of industry standard security techniques such as encryption. Encryption ensures that information cannot be read in transit or changed by scrambling the data using a complex mathematical formula. Some browsers can create a more secure channel than others, owing to the ‘strength’ of their encryption. We use only the strongest channel available - referred to as 128-bit SSL (Secure Socket Layer). If you have a browser that only supports ‘weaker’ encryption such as 40-bit or 56-bit SSL, you will need to upgrade your browser before using our site. The longer and more complex the ‘key’ is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 is longer, than 40, it is more secure. According to Netscape, 128-bit encryption is trillions of times stronger than 40-bit encryption.
We also ensure that only individuals who provide an authentic Personal Access Code can access your account information. After 20 minutes of inactivity your online banking session will end and you will be required to login again however personal information may remain visible after that time. To ensure your information remains private you should always logout of online banking to end your session.
Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.
For more information on the specific policies and practices that we use to safeguard your personal and financial information, please click here to view our Privacy Statement.
In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online banking ‘key’—your Personal Access Code (PAC)—ensures that only you can access your accounts.
It is your responsibility to ensure that your ‘key’ to the online banking section of this website is protected. Please observe the following security practices:
- Select a PAC that is easy for you to remember but difficult for others to guess.
- Do not select a part of your PIN (your ATM ‘key’) or another password.
- Keep your PAC confidential and do not share it with anyone.
- Do not write your PAC down or store it in a file on your computer.
- Never disclose your PAC in a voice or email, and do not disclose it over the phone.
- Ensure no one observes you typing in your PAC.
- Change your PAC on a regular basis. We suggest every 90–120 days.
How to Change Your Personal Access Code (PAC)
Step 1: Log in to online bankingStep 2: Click on ‘Profile and Preferences’ on the left hand navigation
Step 3: Select ‘Change Personal Access Code’
Step 4: Enter your existing PAC, then enter your new PAC twice
Step 5: Select ‘Submit’
You should receive a confirmation pop-up that your PAC has been successfully changed.
- Never leave your computer unattended while using our online banking services.
- Always exit the site using the Logout button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
- Prevent the browser from caching (storing) the pages that you view by using the Enhanced Security feature located on the login screen. We strongly recommend that you use this feature if you are accessing the online banking section of the website from a shared computer, such as at a friend's house or through a publicly-accessible computer, such as at a library or airport.
- Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to ‘empty’ the cache.
- Disable automatic password-save features in the browsers and software you use to access the Internet.
- Install and use a quality anti-virus program. As new viruses are created each and every day, be sure to update your anti-virus program often. It is recommended you update anti-virus definitions weekly. Scan all download files, programs, disks and attachments and only accept files and programs from a trusted source.
- Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
- Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
- Install an anti-spyware program and check your computer regularly.
If you come across a program like this when you are using a public computer, using the Enhanced Security feature located on the login screen will not stop these types of programs from caching the pages you view. You can adjust the search program preferences so it does not store secure pages you wish to view. If you forgot to adjust the preferences before banking online, you can remove the stored items via the Google Desktop results page by clicking on the Remove items link.
To ensure a safe and secure Internet session, only visit reputable sites. If you visit any questionable web site beforehand, we recommend you close your browser and restart it before proceeding to use our online banking services.
Electronic identity theft can occur when you respond to a fraudulent email that asks for your personal banking information. Armed with this information, a person may be able to access your accounts or establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.
Safety precautions for online banking
- The easiest way to tell if an email is fraudulent is to bear in mind that we will never ask you for your personal passwords, personal information numbers or login information in an email. Legitimate financial institutions do not include links to their web sites in email communications to customers.
- When banking online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page any legitimate Internet banking web site will begin with ‘https’ to indicate that the page is secure.
- Look for the padlock found in the lower right corner of your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
- Type in our web address yourself to ensure you are transacting with our server.
- Check your bank and credit card statements regularly to ensure that all transactions are legitimate.
Contact First Credit Union immediately if you suspect someone has gained knowledge of your PAC/PIN, or if you suspect any loss, theft or unauthorized use of your account.