Online Banking Fraud

Online Banking makes daily banking fast and convenient however, there are many fraudsters out there who’ve made it their business to fool you into sharing your financial information by using sophisticated tools that look real to most users. In this section, we’ll go over the most common types of online, email and text fraud, share what we’re doing to protect you, and provide you some tips on how to protect yourself from it.

Here are some types of online banking fraud:

Phishing:

Phishing is a common form of online deception in which fraudsters attempt to gain access to your banking information by sending fraudulent emails to unsuspecting users pretending to be from a legitimate company.  

How does phishing work?

The email directs the recipient to select links which are linked to fraudulent websites and the recipient is asked to enter personal information. This scam is designed to steal personal information (for example, SIN, financial data such as credit card numbers or online banking login credentials etc.) by appearing to come from a legitimate company such as a Vancity in the form of email or text. The fraudster will then use the information they received to access your accounts, spend your money, or steal your identity.

Smishing:

Another type of mobile fraud and a variant of the email phishing scam is smishing (SMS phishing or smishing), which uses text messages to fool you into sharing your financial data and personal information.

How does smishing work?

You receive a text message on your cell phone. The message states that it is from Vancity and creates a sense of urgency by telling you that your account has been suspended or locked for some reason. Some possible reasons they may use include: “due to unauthorized access, excessive unsuccessful attempts to gain access or other fraudulent activity.”

The message will end by telling you that you can reactivate or unlock your account by:

  • calling the phone number provided
  • linking to the Internet site provided in the text message.

Whether calling the phone number provided or linking to the internet site, you will be asked to provide personal information, often including your account number, personal access code (PAC), security question/answers, SIN, and other personal information. 

Interac e-transfer Interception Fraud:

e-Transfers provide a convenient way to send money through online banking. It’s secure and convenient however, if a device is compromised fraudsters can gain access to e-transfers via email, text or by guessing the security question.

How does Interac e-transfer fraud work?

If fraudsters are successful in gaining access to your device or by guessing the security question, the e-transfer can be intercepted, and the funds diverted to another financial account. 

How to protect yourself?

Here are some key things that you can do to ensure that your Interac e-Transfers are protected:

  • The security question created is something unique that only you and the recipient would know.
  • Double check to ensure the phone number and/or email address of the recipient is correct
  • Only send Interac e-Transfers with recipients you know and trust.

Here are some tools we’ve put in place to make your online banking experience secure and safe to help in mitigating risk to you and your money.  Nothing is more important to us than the security of your personal information. If our employees or members identify a phishing site, we work to bring down the fraudulent site as quickly as possible.

Here are some Vancity examples of phishing:

Text message sent by smisher:


Phishing site displays "Account Suspended"


This is what clicking "Continue" looks like:


After providing the credentials, the victim is asked for security questions and answers.


If one provides questions and answers an "Account Activated" message appears and the phishing site redirects to the real Vancity Site.


Prevention and Online Banking Tips:

  • If you think you've received a phishing email or text message, do not respond to it. Delete it and report it immediately to the company being faked or “spoofed.” Do not reply to any email or text that requests your personal banking information from Vancity – we would never ask you to submit your banking or personal information by email or text.
  • Never enter personal or financial information into pop-up windows. Simply close the pop-up windows by clicking the X in the top right corner of the window (a "cancel" button may not work as you'd expect).
  • Do not google Vancity’s website or login using a link sent through email, text, or social media. Instead, you should type vancity.com. This will ensure you have been directed to a legitimate Vancity owned website.
  • Do not respond to messages displayed on your computer advising your computer has been “hacked”. Instead, contact Vancity directly so we can provide you with steps on how to protect your accounts and device if you feel there has been a compromise.
  • Keep your PAC (Personal Access Code) secure – do not make is easy to guess, do not write it down, do note share with anyone and never save your PAC on any device.