Jump to Main Content

Protect yourself against phishing scams

middle aged man with glasses staring at computer with confused look on his face

What is phishing?

Phishing is a fraudulent method of obtaining your personal and financial information. It occurs when a criminal sends you a fake communication, like an email, posing as a legitimate company and asking you to enter information, click on a link, or download a program. The fraudster’s goal is to steal data like your credit card, banking, login, or personal information. In some cases they also download malware onto your computer.

What is smishing?

Smishing is phishing done through SMS (text) messages. It’s becoming more common, and the texts will usually try to get you to go to a web site or call a specific number.

How spot a phishing email

Phishing scams tend to use the same tactics over and over – because they work. Here are a few ways to spot a phishing email:

It asks for information

If the email asks you for your account login, password, payment information or personal details, it’s a scam. Real companies don’t do this.

It tells you to log in

Some phishing scams will build a web page that looks legitimate and then ask users to sign in using their banking credentials. For example, a common tactic is to say that they’ve noticed some suspicious activity or failed login attempts and ask you to log on to confirm your info. Real companies won’t email you to request that you log on to a site.

How to spot legitimate websites

Let’s say you decided to type in the URL provided in an email to see if it’s from a real company, or accidentally clicked a link in a suspicious email – how can you tell if a site is legit? Any site asking you for financial information should have a URL starting with “https” to indicate that it’s secure. In addition, there will be a padlock icon in the address bar of secure sites. You can select the padlock to read the site’s security certificate details. A fraudulent site will not have these details.

The details are close, but not quite right

The email looks like it’s from a company you trust – it has the right logo and header. There may be a couple things that seem weird, though. For example, the URL might be wrong – like if they want you to link out to a site called meridian.com instead of meridiancu.ca.

It warns that something bad will happen

Many phishing scams try to scare you into providing information by saying that your account will be suspended or cancelled if you don’t comply. For example, they might say: “We’ve noticed some unusual activity on your account. Click the link below to login and confirm your credit card information. Failure to do so with 24 hours will lead to us suspending your account.”

It’s too good to be true

The same way that some phishing scams use threats, others will dangle a big reward. For example, they might send an email saying you’ve won their annual $1,000 sweepstakes, all you have to do it go to this link and enter your banking info so they can deposit your winnings. Here’s a good rule – if it sounds too good to be true, it probably is.

They don’t know your name

When you get emails from your bank, or any company you’ve provided personal info to, they almost always address you by name. So if you get an email that starts with a generic greeting like “Dear Customer” instead of “Hello Jane,” it’s probably fake. Other generic greetings might include: Dear Sir/Madam, Attention account holder, Dear member, etc.

There are mistakes

Legitimate companies won’t send you an email full of spelling and grammar errors – they have professionals writing them. One tiny typo? Maybe. But an email full of mistakes is probably a scam.

How to protect yourself

There are several steps you can take to protect yourself from phishing scams

  • Don’t click on links in suspicious emails.

  • Don’t provide personal or financial information over email or on sites you don’t trust.

  • Protect your computer with security software and set it to update automatically.

  • Protect your phone by setting software to update automatically.

  • Set up your email account’s spam filters.

  • Use any additional security features offered – like Touch ID, Face ID, passcodes sent by text message, and security questions.

  • Check to see if the website links are for real companies by typing them into Google.

What do you do if you receive a phishing email claiming to be from Meridian?

At Meridian, we’re really serious about protecting our Members. We will never ask you for personal information in an email. If you get a suspicious email that looks like it’s from Meridian, follow these steps:

  1. Do not click on any links in the email or reply to it.

  2. Immediately forward the email to onlinebankingsecurity@meridiancu.ca.

  3. Delete the email once you’ve reported it.

If you suspect someone has cracked your password or if you suspect any loss, theft or unauthorized use of your account, contact Meridian immediately at 1-866-592-2226

Learn more about how Meridian protects you

Our commitment to privacy and security
How to create a strong password
How to prevent e-transfer fraud