What is phishing?
Phishing is a method criminals use to get your personal and financial info. They send you a fake email posing as a legit company and ask you to enter your info, click on a link, or download a program. The goal is to steal data like your credit card, banking, login, or personal info. Sometimes they also download malware onto your computer.
What is smishing?
Smishing is phishing, except through SMS (text) messages. It’s becoming more common, and the texts will usually try to get you to go to a website or call a specific number.
How to spot a phishing email
Phishing scams tend to use the same tactics over and over – because they work. Here are 7 ways to spot a phishing email:
1.It asks for your info
If the email asks you for your account login, password, payment info or personal details, it’s a scam. Real companies don’t do this.
2. It tells you to log in
Some phishing scams build a web page that looks legit and then ask users to sign in using their banking credentials. For example, they’ll often say that they’ve noticed some suspicious activity or failed login attempts and ask you to log on to confirm your info. Real companies won’t email you to request that you log on to a site.
How to spot legit websites
Let’s say you decided to type in the URL provided in an email to see if it’s from a real company, or accidentally clicked a link in a suspicious email – how can you tell if a site is legit? Any site asking you for financial information should have a URL starting with “https” to indicate that it’s secure. There should also be a padlock icon in the address bar of secure sites. You can select the padlock to read the site’s security certificate details. A fake site won't have these details.
3. The details are close but not quite right
Let’s say you get an email that looks real - it has the right logo and header - but there are a couple of things that still seem off. Maybe it has a different URL, telling you to go to a site called motusbankonline.com
instead of motusbank.ca
, for example. Pay attention to those red flags.
4. It warns that something bad will happen
Phishing scams often try to scare you into giving your info by saying that your account will be suspended or cancelled if you don’t do it. For example, they might say: “We’ve noticed some unusual activity on your account. Click the link below to login and confirm your credit card information. Failure to do so with 24 hours will lead to us suspending your account.” Nope, not a thing. Real companies don’t do that.
5. It's too good to be true
The same way that some phishing scams use threats, others will dangle a big reward. For example, they might send an email saying you’ve won their annual $1,000 sweepstakes, and all you have to do is click this link and enter your banking info so they can deposit your winnings. C’mon, you know how this goes – if it sounds too good to be true, it probably is.
6. They don't know your name
When you get emails from your bank, or any company you’ve provided personal info to, they almost always address you by name. So if you get an email that starts with a generic greeting like “Dear Customer” instead of “Hello Jane,” it’s probably fake. Other generic greetings might include: Dear Sir/Madam, Attention account holder, Dear member, etc.
7. There are mistakes
Legit companies won’t send you an email full of spelling mistakes – they have professionals writing them. One tiny typo? Maybe. But an email full of mistakes is probably a scam.
How to protect yourself
There are several steps you can take to protect yourself from phishing scams
- Don’t click on links in suspicious emails.
- Don’t provide personal or financial information over email or on sites you don’t trust.
- Protect your computer with security software and set it to update automatically.
- Protect your phone by setting software to update automatically.
- Set up your email account’s spam filters.
- Use any additional security features offered – like Touch ID, Face ID, passcodes sent by text message, and security questions.
- Check to see if the website links are for real companies by typing them into Google.
What do you do if you receive a suspicious email claiming to be from motusbank?
We’re super-serious about protecting our members. We'll never ask you for personal information in an email. If you get a suspicious email that looks like it’s from motusbank, follow these steps:
- Don't click on any links in the email or reply to it.
- Immediately forward the email to OnlineBankingSecurity@motusbank.ca.
- Delete the email once you’ve reported it.
If you suspect someone has cracked your password or if you suspect any loss, theft or unauthorized use of your account, contact motusbank immediately at 1-833-696-6887.
5 tips for creating a strong password
How to prevent e-transfer fraud
Our commitment to privacy and security
Learn more about protecting yourself