Protection of Personal Information
Fraud Prevention Tips
- Avoid making purchases and banking transactions unless you are certain that you are on a secure site/connection (i.e.,https://)
- Be suspicious if a website domain name is different. For example, you may be used to shopping at Amazon, whose website address is www.amazon.ca, but end up at a fake website that looks similar but has the website address www.aamazon.ca.
- Regularly update your browser, and other software to increase your resistance to common malware, phishing, and other common attacks.
- Avoid online shopping when connected to unsecured Wi-Fi connections (like at an airport or coffee shop).
- If you think you’ve entered your password on a fraudulent site, go to the authentic site and change your password immediately.
- Protect your online accounts by using a unique, strong password for each of your accounts.
- Add an extra layer of security to protect your sensitive online accounts. The adoption of 2FA (also known as multifactor authentication) is a tool that makes stealing your credentials significantly more difficult than just using a password alone.
- Be cautious of any link or attachment provided in an e-mail.
- If you believe a phone call is an attack, simply hang up. Never trust Caller ID. Bad guys will often spoof the caller number so it looks like it is coming from a legitimate organization
- If you receive a suspicious or fraudulent correspondence claiming to be from Amazon or another service provider, report it immediately.
- Be sure that you understand the seller’s warranty and return policies before you make your purchase.
- If you believe you have been scammed on an online ad/marketplace site, be sure to report the seller/post.
- Be suspicious of ads or promotions on search engines or social media that are significantly lower than those you see at the established online stores. If a deal sounds too good to be true, it may be a scam.
- Regularly review your credit card statements to identify suspicious charges. If you find any suspicious activity, call your credit card company right away and report it .
- Sign up for alerts. Make sure your bank accounts are configured to alert you whenever a transaction is made, especially for large purchases or money transfers.
- If you entered your payment information on a website or replied to a potentially fraudulent email, contact your financial institution immediately.
- Inform the local police
- Canadian Anti-Fraud Centre 1-888-495-8501
- Crime Stoppers at 1-800-222-TIPS
- The Competition Bureau at 1-800-348-5358
- Contact your credit reporting agencies TransUnion and Equifax.
Take action immediately if you suspect identity theft
- Contact your credit union immediately if you suspect you have been a victim of identity theft or if there is unusual activity on your account.
- Report the crime to the police and file a report.
- Contact each credit grantor who has opened a fraudulent account in your name and close it right away.
- Change your PIN and PAC numbers for your cards and access to your accounts.
- Contact Canada Post if you suspect someone is diverting your mail.
- Document the details of your contacts above with dates, names of the people you spoke with and the specifics of the discussion.
Some bad actors will try to profit or piggyback off any opportunity, including the pain of others. Unfortunately, other fraudsters may follow after a security breach by impersonating employees at a given organization.
Please note the following regarding how or how not ECU will engage its members for information:
ECU – A Division of WFCU Credit Union will not call or email members regarding any incident where asking for PACs or other personal information would be required.
ECU will NEVER call, text or email members in general to ask for your PAC, passwords or any other personal information including credit card number or account information, Social Insurance Numbers. If a request for this information is made using any of these methods, DO NOT provide your information. Immediately report the incident to 1.888.767.9535.
Members should also be mindful of the possibility of phishing emails and calls due to an incident. Tips on spotting fraudulent emails/messages are above.
Phishing is an attempt to acquire personal information, sometimes to compromise online banking accounts by posing as a legitimate company in an electronic communication. These emails are not from ECU. If you believe you have received a fraudulent email that claims to be from ECU – A Division of WFCU Credit Union:
- Do not reply to the email.
- Do not click on any of the links embedded in the email.
- Forward the email to info@myECU.ca.
- After forwarding the email to ECU – A Division of WFCU Credit Union for investigation, delete it.
- Monitor your account and call us if you notice any unusual activity.
ECU – A Division of WFCU Credit Union will not call or email members regarding any incident where asking for a PACs or any other personal information would be required.
If you have provided personal information over the phone or clicked on links in a fraudulent email, follow these additional steps:
- Call us immediately at 1-888-767-9535 to report that your account information may have been compromised.
- Sign in to your ECU – A Division of WFCU Credit Union Online Banking and change your password.
- Check your accounts for suspicious activity.
- Update and run anti-virus software on your computer.
In 2020, we are seeing a rise in the botnet Necurs. What is a botnet? Imagine the damage one infected computer can cause – compromising your email account, gathering sensitive information such as usernames and passwords, granting control of your system to a hacker. Now consider a huge group of these devices working together, that’s what a botnet can do. An attacker can remotely control all of the devices as a group to do things like sending spam messages, generating fake website traffic, distributing ads to everyone in the botnet or coercing payment from users in order to be removed from the botnet.
Necurs is known to use up to 6 million endpoints, delivering some of the worst banking Trojans and ransomware threats in batches of millions of emails at a time, and it keeps reinventing itself.
How does it happen?
Typically, this type of attack starts with a piece of malware that you are tricked into installing, such as:
- Through an email attachment, any type of document, that when downloaded triggers the installation of the malware.
- By clicking a link on an ad, such as a pop-up warning that your device has a virus, which will download and install the malware.
- A software download from an untrusted source that turns out to be malware
How can you protect yourself?
Botnets can be very difficult to detect without the use of antivirus software. Very often the attacker will simply use your device for small, seemingly regular tasks. This type of activity barely registers but when millions of computers carry out the same task simultaneously, the effect can be catastrophic.
Although botnet attacks can be extremely complex, keeping your computer or device from becoming part of a botnet is fairly simple. Here are some tips to keep you safe:
- Ensure you have a reputable antivirus program installed on your computer and run regular virus scans.
- Never download attachments from email senders you don’t know. In fact, be very careful about opening emails from unknown senders.
- If you receive an unexpected attachment from a known sender, be wary as well. Their computers could be infected, and the email unknowingly sent through the malware.
- Routinely update your software and operating system patches to protect against the daily creation of viruses and vulnerabilities.
- Avoid untrustworthy websites and ads. Be extremely cautious about downloading any software from websites you do not recognize.
Overall, the best protection is safe browsing and download behaviours and the installation of reputable anti-virus software. Keep it up-to-date and run regular health checks on your machine. Your anti-virus software should easily remove or block the botnet malware from your computer and prevent any future infections.
Romance and Emergency Scams use your own emotions against you to rob you of your money; and in a time of social isolation and financial uncertainty for many due to Covid-19, scammers are taking every opportunity they can to take money from unknowing victims. Knowing what to look for and how to identify potential fraud scenarios can help protect you and your money. For tips and tricks on what you can do to protect yourself against falling victim to fraud click here.
With many members working or spending more time at home, they are interested in finding new ways to pass the time. Online gaming may seem like a harmless way to have some fun – and it can be as long as you remain vigilant to potential fraud.
Please note that it is illegal for online gaming sites or hosts to request money to participate in any sort of gaming activity or for you to pay to participate in any online gaming. Online gaming can include games of chance, bingo, raffles, poker, squares, etc., and must be run through the Ontario Lottery and Gaming Corporation (OLG). It is important that members do not send funds to or participate in games run through social media sites that are not properly licensed.
If you are asked to pay to play think twice – make sure the host holds or displays a valid license!
Money laundering claims many victims. Drug trafficking, illegal arms sales, prostitution, commercial fraud, people smuggling, corruption, and organized theft threaten the safety and security of our community.
Compliance with Proceeds of Crime (Money Laundering) Act helps detect, deter, and prevent money laundering activities. Under this Act is mandatory information, record keeping, and reporting requirements for financial entities including credit unions.
You will be asked to provide identification such as birth certificate, driver’s license, or similar type identification at account opening or when processing specified transactions.
MemberDirect® Online, Mobile Web, and Mobile App Security Features
ECU – A Division of WFCU Credit Union has several security measures in place to ensure the safety of our online banking environment and we continue to improve upon those measures as new technologies come into play.
Enhanced Personal Access Code (PAC)
Members who login to MemberDirect Online or the Mobile App for the first time will be asked to change their PAC to comply with the following parameters:
- A minimum of 8 characters and a maximum of 30 characters
- At least 1 uppercase letter
- At least 1 lowercase letter
- At least 1 number
- At least 1 special character – examples @#$-!|
- No spaces
It is important to note that Enhanced Personal Access Codes will not affect Telephone Banking Codes which will remain as they currently are.
You can change your PAC when you login to Online Banking or use the Mobile App at anytime. Simply choose Profile and Preferences and then Change Personal Access Code. If you require assistance, please contact your branch.
Additional Security Enhancements
MemberDirect Alerts help you to be confident and in control of your finances by notifying you about account activity including the addition of a new bill payment vendor or e-Transfer recipient, PAC code change or Online Login. Alerts can be sent by text message or email. If you haven’t set up alerts, it is recommended that you do so right away!
Increased Authentication delivers an additional layer of security by asking members to self-select three challenge questions, in addition to their unique personal access code.
This feature uses an advanced algorithm to detect suspicious online activity by creating patterns of usage by members based on device, location and other behaviours. The data can help to identify and prevent potentially fraudulent activities.
MemberDirect also employs a cyber security measure as a defence against fraudulent login attempts by blocking login access when unusual login attempts are detected.
Frequently Asked Questions
Yes. You will have to set up both of these features for each individual account you have.
Security registration is not available via Mobile Banking for the initial setup of your enhanced login security features. Your mobile device can be registered after you have completed the initial setup on your personal computer. Strong PAC can be set up using your Mobile App. For complete details, please click here to watch our ‘How-To’ video.
Registering your computer places a permanent cookie on your computer for identification purposes. This ensures that each time you login to Online Banking you are recognized and will not be asked to answer your security question.
Clearing your computer’s cookies will delete your registration. Online Banking will in turn prompt you to register your computer again.
It is important to register your computer only if you are the owner of the computer (such as a home PC) or its sole user (such as a personal work PC). More than one computer can be registered. Do not register shared computers (for example, shared work computers or computers accessible in public libraries, etc.).
All accounts, single or joint will be asked to select security questions. It is important, therefore, that if you operate a joint account, all account holders need to be aware of the answers to the selected security questions. You can select specific security questions geared for joint accountholders.
If you have answered your security question incorrectly three times and are locked out, call the Member Contact Centre at 1-888-767-9353. Our Member Contact Centre will verify your identity and unlock you. While you are locked out of Online Banking, you can continue to access your account using telephone banking as well as ATM and POS transactions.
If you forget the answers to your selected security questions please call our Member Contact Centre at 1-888-767-9535.
If you forget your Personal Access Code (PAC), please visit any of our retail locations and our staff can assist you with this process. For security reasons, your PAC cannot be changed over the telephone.
ECU – A Division of WFCU Credit Union Online Banking security features are designed to provide further protection for your personal information. We encourage you to set your Strong PAC in addition to registering your computer and setting up security questions as soon as you are prompted.
Your security is our priority. ECU – A Division of WFCU Credit Union makes every attempt to ensure that your personal and financial information is safe and secure.
Once you login to Online Banking, click on the “My Profile” button located on the top menu bar. Then click on “Change Security Questions” button on the left side menu and simply follow the prompts.
Shopping Online Securely
During the holiday season, many of us will be looking to buy the perfect gifts and shop online. Unfortunately, cyber criminals will be active as well, creating fake shopping websites and other online shopping scams to steal your information or money.
Criminals create fake online stores that mimic the look of real sites or use the names of well-known stores or brands.
When you search for the best online deals, you may find yourself at one of these fake sites. By purchasing from such websites, you can end up with counterfeit or stolen items, or your purchases might never be delivered
Large online stores often offer products sold by different individuals or companies that might have fraudulent intentions.
Everybody loves a great deal. But shocking offers, unbelievable discounts and unreal rates may signal that the offer isn’t quite what it seems.
Fraudsters recognize that consumers spend a lot of time on social media and will post ads for free trials, or discounted merchandise.
They may also use the names and photos of well-known individuals or companies to fake endorsements of their products
Cyber attackers use SMS/text messages to try to trick you into taking action you
should not take.
For example, gift card scams can work this way. A cyber attacker will send you an urgent email pretending to be a friend, then ask for your cell phone number. Then they can send repeated text messages, pressuring you to purchase gift cards. Once purchased, the attackers have you scratch off the code on the back of the cards and message a picture of the codes back to them.
When attackers create an email that attempts to trick you into taking an action, such as opening an infected email attachment, clicking on a malicious link, or giving up sensitive information.
For example, you are notified your package was delayed, even though you never ordered a package
Scammers may call you impersonating a financial institution.
For example, an automated voicemail informs you that your credit card has been cancelled, and you must call a number back to reactivate it