Member Protection

Protection of Personal Information

The security of your information should be one of your top priorities, and is of paramount importance to ECU – A Division of WFCU Credit Union. As always, if you have any questions or concerns, we’re here to help. Contact your branch or email security@myECU.ca for further assistance or guidance.

Shopping Online Securely

The holiday season is nearing. Many of us will be looking to buy the perfect gifts and shop online. Unfortunately, cyber criminals will be active as well, creating fake shopping websites and other online shopping scams to steal your information or money.

Holiday Scams

Criminals create fake online stores that mimic the look of real sites or use the names of well-known stores or brands.

When you search for the best online deals, you may find yourself at one of these fake sites. By purchasing from such websites, you can end up with counterfeit or stolen items, or your purchases might never be delivered

Large online stores often offer products sold by different individuals or companies that might have fraudulent intentions.

Everybody loves a great deal. But shocking offers, unbelievable discounts and unreal rates may signal that the offer isn’t quite what it seems.

Fraudsters recognize that consumers spend a lot of time on social media and will post ads for free trials, or discounted merchandise.

They may also use the names and photos of well-known individuals or companies to fake endorsements of their products

Cyber attackers use SMS/text messages to try to trick you into taking action you
should not take.

For example, gift card scams can work this way. A cyber attacker will send you an urgent email pretending to be a friend, then ask for your cell phone number. Then they can send repeated text messages, pressuring you to purchase gift cards. Once purchased, the attackers have you scratch off the code on the back of the cards and message a picture of the codes back to them.

When attackers create an email that attempts to trick you into taking an action, such as opening an infected email attachment, clicking on a malicious link, or giving up sensitive information.

For example, you are notified your package was delayed, even though you never ordered a package

Scammers may call you impersonating a financial institution.

For example, an automated voicemail informs you that your credit card has been cancelled, and you must call a number back to reactivate it

Fraud Prevention Tips

  • Avoid making purchases and banking transactions unless you are certain that you are on a secure site/connection (i.e.,https://)
  • Be suspicious if a website domain name is different. For example, you may be used to shopping at Amazon, whose website address is www.amazon.ca, but end up at a fake website that looks similar but has the website address www.aamazon.ca.
  • Regularly update your browser, and other software to increase your resistance to common malware, phishing, and other common attacks.
  • Avoid online shopping when connected to unsecured Wi-Fi connections (like at an airport or coffee shop).
  • If you think you’ve entered your password on a fraudulent site, go to the authentic site and change your password immediately.
  • Protect your online accounts by using a unique, strong password for each of your accounts.
  • Add an extra layer of security to protect your sensitive online accounts. The adoption of 2FA (also known as multifactor authentication) is a tool that makes stealing your credentials significantly more difficult than just using a password alone.
  • Be cautious of any link or attachment provided in an e-mail.
  • If you believe a phone call is an attack, simply hang up. Never trust Caller ID. Bad guys will often spoof the caller number so it looks like it is coming from a legitimate organization
  • If you receive a suspicious or fraudulent correspondence claiming to be from Amazon or another service provider, report it immediately.
  • Be sure that you understand the seller’s warranty and return policies before you make your purchase.
  • If you believe you have been scammed on an online ad/marketplace site, be sure to report the seller/post.
  • Be suspicious of ads or promotions on search engines or social media that are significantly lower than those you see at the established online stores. If a deal sounds too good to be true, it may be a scam.
  • Regularly review your credit card statements to identify suspicious charges. If you find any suspicious activity, call your credit card company right away and report it .
  • Sign up for alerts. Make sure your bank accounts are configured to alert you whenever a transaction is made, especially for large purchases or money transfers.
  • If you entered your payment information on a website or replied to a potentially fraudulent email, contact your financial institution immediately.
  • Inform the local police
  • Canadian Anti-Fraud Centre 1-888-495-8501
  • Crime Stoppers at 1-800-222-TIPS
  • The Competition Bureau at 1-800-348-5358
  • Contact your credit reporting agencies TransUnion and Equifax.

Take action immediately if you suspect identity theft

  • Contact your credit union immediately if you suspect you have been a victim of identity theft or if there is unusual activity on your account.
  • Report the crime to the police and file a report.
  • Contact each credit grantor who has opened a fraudulent account in your name and close it right away.
  • Change your PIN and PAC numbers for your cards and access to your accounts.
  • Contact Canada Post if you suspect someone is diverting your mail.
  • Document the details of your contacts above with dates, names of the people you spoke with and the specifics of the discussion.

In 2020, we are seeing a rise in the botnet Necurs. What is a botnet? Imagine the damage one infected computer can cause – compromising your email account, gathering sensitive information such as usernames and passwords, granting control of your system to a hacker. Now consider a huge group of these devices working together, that’s what a botnet can do. An attacker can remotely control all of the devices as a group to do things like sending spam messages, generating fake website traffic, distributing ads to everyone in the botnet or coercing payment from users in order to be removed from the botnet.

Necurs is known to use up to 6 million endpoints, delivering some of the worst banking Trojans and ransomware threats in batches of millions of emails at a time, and it keeps reinventing itself.

How does it happen?

Typically, this type of attack starts with a piece of malware that you are tricked into installing, such as:

  • Through an email attachment, any type of document, that when downloaded triggers the installation of the malware.
  • By clicking a link on an ad, such as a pop-up warning that your device has a virus, which will download and install the malware.
  • A software download from an untrusted source that turns out to be malware

How can you protect yourself?

Botnets can be very difficult to detect without the use of antivirus software. Very often the attacker will simply use your device for small, seemingly regular tasks. This type of activity barely registers but when millions of computers carry out the same task simultaneously, the effect can be catastrophic.

Although botnet attacks can be extremely complex, keeping your computer or device from becoming part of a botnet is fairly simple. Here are some tips to keep you safe:

  • Ensure you have a reputable antivirus program installed on your computer and run regular virus scans.
  • Never download attachments from email senders you don’t know. In fact, be very careful about opening emails from unknown senders.
  • If you receive an unexpected attachment from a known sender, be wary as well. Their computers could be infected, and the email unknowingly sent through the malware.
  • Routinely update your software and operating system patches to protect against the daily creation of viruses and vulnerabilities.
  • Avoid untrustworthy websites and ads. Be extremely cautious about downloading any software from websites you do not recognize.

Overall, the best protection is safe browsing and download behaviours and the installation of reputable anti-virus software. Keep it up-to-date and run regular health checks on your machine. Your anti-virus software should easily remove or block the botnet malware from your computer and prevent any future infections.

 

Romance and Emergency Scams use your own emotions against you to rob you of your money; and in a time of social isolation and financial uncertainty for many due to Covid-19, scammers are taking every opportunity they can to take money from unknowing victims.  Knowing what to look for and how to identify potential fraud scenarios can help protect you and your money. For tips and tricks on what you can do to protect yourself against falling victim to fraud click here.

With many members working or spending more time at home, they are interested in finding new ways to pass the time.  Online gaming may seem like a harmless way to have some fun – and it can be as long as you remain vigilant to potential fraud.

Please note that it is illegal for online gaming sites or hosts to request money to participate in any sort of gaming activity or for you to pay to participate in any online gaming.  Online gaming can include games of chance, bingo, raffles, poker, squares, etc., and must be run through the Ontario Lottery and Gaming Corporation (OLG).  It is important that members do not send funds to or participate in games run through social media sites that are not properly licensed.

If you are asked to pay to play think twice – make sure the host holds or displays a valid license!

Money Laundering

Money laundering claims many victims. Drug trafficking, illegal arms sales, prostitution, commercial fraud, people smuggling, corruption, and organized theft threaten the safety and security of our community.

Compliance with Proceeds of Crime (Money Laundering) Act helps detect, deter, and prevent money laundering activities. Under this Act is mandatory information, record keeping, and reporting requirements for financial entities including credit unions.

You will be asked to provide identification such as birth certificate, driver’s license, or similar type identification at account opening or when processing specified transactions.

MemberDirect® Online, Mobile Web, and Mobile App Security Features

ECU – A Division of WFCU Credit Union has several security measures in place to ensure the safety of our online banking environment and we continue to improve upon those measures as new technologies come into play.

Enhanced Personal Access Code (PAC)

Members who login to MemberDirect Online or the Mobile App for the first time will be asked to change their PAC to comply with the following parameters:

  • A minimum of 8 characters and a maximum of 30 characters
  • At least 1 uppercase letter
  • At least 1 lowercase letter
  • At least 1 number
  • At least 1 special character – examples @#$-!|
  • No spaces


It is important to note that Enhanced Personal Access Codes will not affect Telephone Banking Codes which will remain as they currently are.

You can change your PAC when you login to Online Banking or use the Mobile App at anytime. Simply choose Profile and Preferences and then Change Personal Access Code.  If you require assistance, please contact your branch.

Additional Security Enhancements

MemberDirect Alerts help you to be confident and in control of your finances by notifying you about account activity including the addition of a new bill payment vendor or e-Transfer recipient, PAC code change or Online Login. Alerts can be sent by text message or email. If you haven’t set up alerts, it is recommended that you do so right away!

Increased Authentication delivers an additional layer of security by asking members to self-select three challenge questions, in addition to their unique personal access code.

This feature uses an advanced algorithm to detect suspicious online activity by creating patterns of usage by members based on device, location and other behaviours. The data can help to identify and prevent potentially fraudulent activities.

MemberDirect also employs a cyber security measure as a defence against fraudulent login attempts by blocking login access when unusual login attempts are detected.

 

For more information on our Member Protection: