Skip to main content
Law Office

Anyone can fall victim to financial fraud. It never discriminates and comes in many forms. With reports of fraud dramatically increasing across the country, it’s important to be alert and educate yourself. Fraudsters are savvy and target anyone from teenagers to grandparents to established corporations. New scams are emerging daily so it pays to educate yourself. Check back every month as we share new topics on fraud awareness and tips to protect yourself from becoming a victim

If you suspect you are a victim of fraud, contact YNCU immediately at 1-888-413-YNCU (9628) and report it to your local police. Know that you are not alone. We are here to help!

Join our mailing list to receive more fraud awareness tips from our YNCU experts!


The Difference between having a Power of Attorney (POA) versus having Joint Accounts

Many of our members are concerned about how to manage their money, property, and finances as they age or as their life changes. They may worry about what will happen if they become unable to deal with their own finances.

Two tools often used for managing financial affairs are Power of Attorney’s or POA’s and Joint Bank accounts. It is important that people know the difference between the two and the risks and advantages of both.

What is a Power of Attorney?

A POA is a legal document that you sign to give one or more persons the authority to manage your money and property on your behalf. The person you appoint is called an ‘attorney’ although they do not need to be a lawyer.

To simplify, there are two main types of POA’s commonly used for finances/property in Canada.

A General POA is a legal document that can give your attorney authority over all or some of your finances and property. It allows your attorney to manage your finances and property on your behalf only while you are mentally capable of managing your own affairs. It ends if you become incapable of managing your own affairs or become deceased. A general power of attorney can be “specific” or “limited”, which can give authority to your attorney for a limited task (e.g., sell a house) or give them authority for a specific period of time. The power of attorney can start as soon as you sign it, or it can start on a specific date that you write in the document. A person may use this type if they are living outside of Canada or travelling, and they require someone to pay bills or manage their expenses while they are out of the country.

An Enduring or Continuing POA* is a legal document that lets your attorney continue acting for you if you become incapable of managing your finances and property. It can also give your attorney authority over all or some of your finances and property. An enduring or continuing power of attorney can take effect as soon as you sign it. In some cases, it is possible to have the power of attorney come into effect only when you become incapable, if this was specified in the document.

*This is the type YNCU may see more often for our older members who are preparing for a time when they are no longer able, either physically or mentally, to look after their finances.

What can my ‘attorney’ do?

Unless you limit your attorney’s authority, they can do almost everything with your finances and property that you could do. If you don’t have any limitations in your power of attorney document, your attorney can do your banking, sign cheques, buy or sell real estate in your name, and buy consumer goods. Your attorney does not become the owner of any of your money or property. He or she only has the authority to manage it on your behalf.

Your attorney cannot make a will for you, change your existing will, change a beneficiary on a life insurance plan, or give a new power of attorney to someone else on your behalf.

What are the advantages and risks of a POA?


  • Makes it clear who will be responsible for your money and property if you can’t manage them on your own, even temporarily.
  • Your attorney must manage your money and property for your benefit and can be required by law to account for and explain how he or she is managing it.
  • Can be as general or specific as you need.
  • You can choose to appoint two or more attorneys. You can require that your attorneys make all decisions together (“jointly”), or to act together or separately, if one of them is unavailable (“jointly and severally”). You can also appoint alternate or successive attorneys.
  • Having two or more attorneys could reduce potential fraudulent use of a power of attorney.
  • A general power of attorney allows your attorney to look after your affairs if you are away temporarily or if you need help managing your affairs.
  • The enduring power of attorney allows your attorney to continue looking after your affairs if you lose your capacity.
  • If you lose your capacity and do not have a valid enduring or continuing power of attorney document in place, someone will need to get authority from the court to manage your money and property. This can be time-consuming and expensive.


  • Can lead to mismanagement of your money and property if the attorney you choose is not trustworthy, uses your money improperly, or does not make decisions that are in your best interest.
  • Not enough information or limitations in the document could lead to the mismanagement of your finances or to your finances being managed in a way that you do not agree with.
  • Your attorney must manage your affairs in the way that you direct in the document. Strict limitations can make it difficult for your attorney to take care of your finances.
  • If you appoint more than one attorney to act jointly, disagreements between them could cause problems and lead to delays in the management of your financial affairs.
  • If not reviewed regularly, your power of attorney document might not meet your current needs or the requirements of the law.
  • The person you previously selected to be your attorney may no longer be the best choice or may no longer be available.
  • Possibility of “competing” powers of attorney if you have signed more than one power of attorney document. If you appoint a new attorney, you should cancel your previous power of attorney document and advise your financial institution of the change.

What about Joint Accounts?

Joint accounts are bank accounts in which two or more people have ownership rights over the same account. These rights include the right for all account holders to deposit, withdraw, or deal with the funds in the account, no matter who puts the money into the account.

In many cases, joint accounts include the right of survivorship. This means that if one of the account holders dies, the surviving account holder becomes the owner of the account, with the right to deposit, withdraw, and deal with the funds in the account.

In some cases, joint accounts may be considered as an option for someone to get help from family members or friends to pay bills and manage their finances. For example, health conditions or mobility issues could make it difficult for someone to manage their personal banking on their own. Getting to the bank or using online banking services can be difficult for some people. A person may consider setting up a joint account with a family member, such as an adult child, after the death of a spouse who used to deal with the household finances.

It may also be important to consider other consequences of a joint account such as whether probate fees or taxes will apply upon the death of a joint account holder or whether the remaining funds are intended to form part of the deceased’s estate or be gifted to the surviving joint account holder. These considerations may be addressed in consultation with a lawyer.

Risks associated with Joint Accounts (vs POA’s)

  • Unless you can state otherwise in your banking agreement, any person named on the joint account is able to withdraw money from the account at any time. They don’t need permission from you to do so, even if most or all the funds in the account were deposited by you.
  • Funds withdrawn may never be recovered.
  • If the relationship between you and your joint account holder breaks down, you risk the money being withdrawn or that the account may not be handled in the way that you wished.
  • If your joint account holder and their spouse separate or divorce, the money in the joint account could be claimed in the separation or divorce settlement.
  • It is difficult to hold a joint account holder legally accountable for taking money from the account that they weren’t supposed to.
  • You may have to go to court to challenge the actions of a joint account holder. This could be expensive and stressful. It may also take a long time to resolve.
  • If it is not clear that the money in the account was meant to be a gift to the surviving joint account holder or whether it was meant to become part of the deceased joint account holder’s estate, legal disputes could arise.
  • You will share responsibility with your joint holder for all transactions made through the account.
  • If one of the joint account holders has financial problems or declares bankruptcy, creditors could make claims on the money in the account.
  • The bank may require both people named in the joint account to give approval to remove one of you from the account.

**Every member is encouraged to seek legal advice as well as estate planning advice from qualified industry professionals. Being prepared in advance is a wise thing to do to avoid any unexpected problems when situations arise. **

PC Hygiene

Your PCs, tablets, and phones need a good hygiene routine too! PC hygiene is how we keep our PCs clean of malware that can damage our files and compromise our systems. Maintaining good PC hygiene is like building a fortress around your digital world.

Here are 10 steps for you to follow that can help keep the bad guys at bay.

1. Updates

Keep your operating system, antivirus software, and other applications and programs up to date. Updates often include security patches that fix vulnerabilities exploited by cybercriminals.

2. Passwords

Always use complex passwords and consider using a password manager to generate and store them securely. Avoid using the same password across multiple accounts.

3. Firewall

Enable a firewall to monitor and control incoming and outgoing network traffic. This adds an extra layer of defense against unauthorized access.

4. Anti-Malware Software

Install reputable antivirus and anti-malware software. Regularly scan your system for potential threats and remove any malicious software.

5. Backup Your Data

Regularly back up your important files to an external drive or a secure cloud service. In case of ransomware or hardware failure, you can restore your data without paying a ransom.

6. Secure Wi-Fi Connections

Use strong encryption (WPA3) for your Wi-Fi network and change the default router login credentials. This prevents unauthorized access to your network.

7. Phishing Awareness

Be cautious of unsolicited emails, messages, or links. Verify the legitimacy of emails before clicking on links or providing sensitive information. Cybercriminals often use phishing to trick users into revealing personal data.

8. Two-Step Verification (2SV)

Also known as Two-Factor Authentication (2FA), be sure to enable 2SV whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code from your mobile device.

9. Limit User Privileges

Use a non-administrator account for daily activities. This limits the impact of malware or unauthorized access, as these accounts have fewer system-wide privileges.

10. Educate Yourself

Stay informed about the latest security threats and best practices. Knowing what to look out for can help you avoid falling victim to various cyber-attacks.

By incorporating these practices into your digital routine, you’re not just building a fortress; you’re also becoming a vigilant guardian of your online world.

YNCU members, if you know, or think you have been a victim of internet scams, phishing or cyber-attacks or your banking information has been compromised, please contact our Service Excellence Centre at 1-800-413-YNCU (9628).

You can also contact the Canadian Anti-Fraud Call Center at 1-888-495-8501.

The Four Cornerstones of Internet Security

While the internet offers incredible opportunities and convenience, it also comes with its fair share of security dangers. These four cornerstones of internet safety can help you keep your information secure online.

Secure passwords

Always use secure passwords and never reuse old passwords. If criminals obtain your username and passwords from one site, they will try the same information on other popular sites using the same credentials. Never share your PIN and never share your online banking details.

Always type website log in addresses manually or use a safe bookmark

Never follow an email link to a log in page. It may be a phishing email page tricking you into logging into spoofed login page. It may look real but it’s not.

Financial information should be shared on secured home Wi-Fi Only

Assume that everything you do over public Wi-Fi is being watched, especially on mobile devices. If you need to conduct online financial transactions in a public setting always turn off Wi-Fi and turn on Cellular Data. Always assume that public Wi-Fi networks could be recording your actions.

Enable and install all updates and patches

Patches are software and operating system updates that address security vulnerabilities within a program or product. Updates for your mobile device and computer remove vulnerabilities and keep your identity and passwords protected.

Navigating the internet safely requires constant vigilance, adopting security best practices and staying informed about emerging threats.

YNCU members, if you know, or think you have been a victim of internet scams, phishing or cyber-attacks or your banking information has been compromised, please contact our Service Excellence Centre at 1-800-413-YNCU (9628).

You can also contact the Canadian Anti-Fraud Call Center at 1-888-495-8501.

Check out this video for more information on The Four Cornerstones of Internet Security

Phishing and Smishing

Think twice before you click, submit, pay, download, or reply! This type of phishing is not enjoyable.

Phishing describes fraudsters attempting to trick users into doing 'the wrong thing' - such as clicking a bad link that will download malware or direct them to a dodgy website.

Phishing can be conducted via text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it’s from a company you know or trust, like a bank, a credit card or utility company, or even an online payment website or app.

Smishing is a type of phishing scam where cyber criminals try to trick you by sending fraudulent SMS or text messages. They often pretend to be a real business (such as a bank or delivery company), a government department, or a person you know. During the COVID-19 pandemic, scammers have even pretended to be from assistance programs, like the Canada Emergency Response Benefit (CERB) and the Canada Recovery Benefit (CRB), to target vulnerable Canadians. Smishing messages will often try to get you to click on a link, which may contain malware or lead to a spoofed website. If you click on the link, cybercriminals can then steal your data, your money, or even your identity.

The message could be from a scammer who might:

  • Say they’ve noticed some suspicious activity or log-in attempts — they haven’t.
  • Claim there’s a problem with your account or your payment information — there isn’t.
  • Say you need to confirm some personal or financial information — you don’t.
  • Include an invoice you don’t recognize — it’s fake. Want you to click on a link to make a payment — but the link has malware.
  • Say you’re eligible to register for a government refund — it’s a scam.
  • Offer a coupon for free stuff — it’s not real.

Most phishing/smishing attacks create a sense of urgency in the message and encourage you to respond right away. They may send threats, like claiming they’ll close your account, or offer a time-sensitive reward, such as a prize for a contest you didn’t enter. But no text is ever that urgent — take your time when evaluating a potential smishing message.

Many phishing/smishing messages appear to be from a trustworthy and reliable source, like your bank or another business you know. Always be cautious, even if you think you recognize the business that the message is from.

To protect yourself from Phishing and Smishing use the SHADY? approach:

SECRET – Always keep your personal information secret, especially over email. Check with the sender by contacting them through another medium, like telephone, to confirm that they did in fact send you that email/text.

HOVER OVER A LINK BEFORE CLICKING IT – Hovering over a link lets you see where it points. Never click a link to any financial website, type in the address each time.

ATTACHMENTS SHOULD NOT BE CLICKED – Do not click on attachments if you are not expecting them. Even documents may contain a virus that can do damage to your device, track keystrokes, and compromise your information.

DIFFICULT PASSWORDS – Complex passwords help prevent people from hacking your accounts. Passwords should be strong, difficult to guess, and different for each system.

YOU SHOULD ASK YOURSELF WHENEVER YOU GET AN EMAIL/MESSAGE: Was I expecting this? If not proceed with caution or delete immediately.

? QUESTION – Always question electronic messages, especially if it is making promises or threatening action.

YNCU members, if you know, or think you have been a victim of phishing or smishing and your banking information has been compromised, please contact our Service Excellence Centre at 1-800-413-YNCU (9628).

You can also contact the Canadian Anti-Fraud Call Center at 1-888-495-8501. Check out this video for more information on How The “SHADY?” Technique Can Help Prevent Phishing and Smishing

Ransomware: You’ve been hacked!!

What is Ransomware?

Ransomware is software designed to deny or restrict access to your device or files until you pay. The general rule is don’t pay the ransom! There is no guarantee you will get access back, and paying increases the likelihood that you will be targeted again.

This tactic has been around for years and is on the rise. Often Ransomware targets places where the most sensitive data is stored – computer, network files, cloud or other storage locations etc

So what does it look like and how do you know you’ve been hacked??

There are two basic types of Ransomware:

Locker ransomware – completely locks out the device. The victim will receive a pop up indicating that they were caught doing something illegal and you have to pay a fine to regain access.

Crypto ransomware – encrypts files to restrict access. These encryptions are almost impossible to break.

If you have been hacked, what do you do?

Shut down your computer, disconnect any external media (phones, tablets, external hard drives) and bring it in to an authorized support center.

You can restore your files – as long as you’ve taken the correct steps to prepare ahead of time!

P – perform regular updates – you can set up auto updates to run in the evenings/during the day when you aren’t using your device.

R – require virus scan of external devices before using them

E – execute software only if its reputable

V – verify all emails/ texts etc before clicking links

E – external storage to back up!

N – never be without malware protection software & keep it up to date

T – trust your instincts and do a little online research if something feels off – often other victims may provide useful info online

Some interesting statistics:

On average, only about 65% stolen data is returned after the ransom is paid.

Nearly 30% of targets had less than HALF of their data returned.

Less than 10% of victims get all of the files returned.

Approximately 80% of Ransomware targets that paid the ransom were targeted a second time!

In 68% of cases that paid, that second hit occurred within the first month after paying, for a higher ransom.

North America saw an increase in ransomware attacks of 180% in 2021.

If you have been targeted by Ransomware Please reach out out to your YNCU branch team so we can help to protect you.

We will always be here to assist you! 1-800-413-YNCU (9628)

Are you under A.T.T.A.C.K?

Social manipulation, in the context of fraud, is the art of manipulating end users into providing personal or confidential information. Personal cyber-attacks come in many forms. Here are a few tips that can help you to spot them.

A - An Email

Phishing emails may look legitimate, but you should always question links, attachments, threads, or emails from someone unexpected.

T - Trick Websites

These are made to look like trusted websites but often have spelling or grammar errors or a slightly different URL. Farming the data from these trick websites allows criminals to gather personal details and record your keystrokes.

T -Text Messages

Social engineers will send you a text message about an urgent bill payment or some type of attractive offer. Also, beware of fake messages that appear to be from the government asking you to click a link to receive your rebate, return or payment. If you click these links on a mobile device message it could put your mobile phone at risk.

A - A Telephone Call

Fraudsters may call and say they are from Canada Revenue Agency, Canada Post or Microsoft, or maybe even your financial institution, and proceed to ask you to disclose personal information. Before going ahead with this, you need to ask yourself what valid reason would there be for you receiving the call and why would you provide those details if you didn’t initiate the call? If you still cannot determine the legitimacy of the caller, ask them to proceed via email because you cannot speak in depth at the moment.

C – Contest Winner

“Congratulations! You’ve won a big contest!” This message can come to you via email, text or phone. But did you even enter a contest? If not, it is more than likely an attempt by a fraudster to gather personal information from you. Do not fall for it!

K – Key Loggers

You’re browsing a familiar website and receive a pop-up of an offer that looks too good to be true! If you click the pop-up that social engineer may be trying to capture sensitive information.

When in doubt……..Hang up! Delete! Exit!

Social Engineering is on the rise. Watch for these signs of an attack and take these steps to protect yourself. Ask questions. Do not feel pressured into providing any information you may not be comfortable providing. Never share your ID, passwords, or any answers to your security questions. Use caution when entering sensitive information with websites that don’t begin with HTTPS or when something arrives that you were not expecting. Always remember to report anything suspicious.

YNCU members, if you know, or think you have been ATTACKED please contact our Service Excellence Centre at 1-800-413-YNCU (9628).

You can also contact the Canadian Anti-Fraud Call Center at 1-888-495-8501. Check out this video for more information on protecting yourself against a cyber-attack.


August 1, 2023

Seniors are one of the most commonly targeted demographics by fraudsters - we’re even seeing this play out in our own branches!


  • About 10% of seniors are victims of crime per year.

  • 4-5% of seniors report some form of abuse from ages 65 up.

  • Financial abuse/exploitation and emotional abuse are the most prevalent.

  • Overall rates of elder abuse are similar in Canada, Australia, US and UK

  • Seniors are less likely to report abuse, and when they do, it’s often to health professionals, community groups, or their Financial Institution, not police.

When it comes to financial crimes, seniors are targeted in almost every way, including aggressive telemarketing, fraudulent home repairs, health or investment schemes, technology schemes, romance or urgent family schemes, just to name a few.


  • Home ownership.

  • A tendency not to seek advice before making a purchase.

  • Financial risk-taking behaviours.

  • Lack of knowledge of consumer rights.

  • Lack of awareness of fraudulent schemes.

  • Openness to marketing appeals.

  • Reluctance to hang up the phone on telemarketers.

Perpetrators use a variety of tactics that may hit on many of these risk factors to gain compliance. They will often try to isolate the victim, pressure them to act quickly, use fear tactics, and discourage the victim from seeking outside advice.


  1. BE SUSPICIOUS – Particularly of anything that shows up unexpectedly, including regular mail, emails, and messages through social media or text. Check email addresses and phone numbers, avoid clicking on pop ups or links in emails, and navigate to trusted sites by typing in the address rather than using a search.

  2. SLOW DOWN THE PROCESS – almost nothing will need an immediate response. You are allowed to take a step back and think about it, even for a few minutes, to ensure you’re not reacting out of fear or pressure. If you’re unsure, run it by a trusted loved one or your Financial Institution.

  3. PLAN AHEAD – ensure you have people you can trust set up to assist you when the time comes, making sure your wishes are clearly stated. Consider an advanced directive or Power of Attorney that can follow through on your instructions.

  4. ASK QUESTIONS – Does the scenario make sense? Are you familiar enough with the person/investment/scenario to make an educated decision? If you aren’t, run the situation by someone else before acting on it. It could be your advisor from YNCU or a trusted friend or family member, but a second opinion never hurts. If you’re being discouraged from seeking another opinion, this should be a red flag.

  5. KEEP UP TO DATE on active scams by reviewing the list of ongoing fraud tactics provided by The Canada Anti-Fraud Centre. They are explained in easy-to-understand terms and can give you a great idea of what to be on the lookout for.

If you would like to review the Crime and Abuse Against Seniors report from the government, click here or visit


July 10, 2023

The number of people who regularly do some, or all, of their banking online is steadily increasing. With that increase comes increased risk, and with those risks we must work to protect ourselves from online predators. No one is invincible. Awareness and diligence are key factors needed to minimize risk your risk of fraud when banking online.

It's important to protect yourself and your finances. Here are some tips to help you STAY DILIGENT:

D – Devices that are used to access your accounts online should be protected by a PIN. Always try your best to make it as difficult as possible for unauthorized users to gain access to your information.

I – Invest in a password manager to help you create strong passwords. Do NOT use the same password for more than one application or website. If a password is compromised, it creates an opportunity for fraudsters to access any accounts where that password is also used.

L – LOG OUT every time you finish your online banking. And, although the convenience is tempting, never save your username or password in your browser.

I – Issues can be detected early by regularly monitoring your accounts. Set automatic alerts for any bill payments, changes to bill payment vendors and e-transfers, as well as any changes to your passwords or personal information. This should also include any log-in attempts that are not yourself.

G – Guard against any unauthorized account access by using enhanced logins and multi-factor authentications, if available. Avoid the use of public Wi-Fi or computers when accessing your banking and financial information. Always try to use your own home internet or cellular data.

E – Engage in account transaction reviews and actively monitor your financial accounts. Frequent unknown small transactions might be the first sign of a hacker’s attack.

N – Never disclose your personal financial or login information to anyone. YNCU will never call, text, or email to ask for these types of personal details. Confirm the URL address when doing your online banking and always navigate to your banking website instead of clicking on a link that is sent to you.

T – Take the time to verify your anti-virus software is up to date on every device in your household. Web browsers and operating systems must have the most recent and up to date security patches in place to protect you and keep your account information safe.

At YNCU we care about our members, and we will always strive to help where we can. If you have any questions about how to safeguard your accounts, please feel free to reach out to our staff. We can help you set up alerts for new bill payments, make changes to existing bill payments, and manage your e-transfers. Remember to regularly change your passwords and always review your account transactions.

Protect your personal information and your finances by STAYING DILIGENT when banking online.

If you suspect you’re a victim of fraud, contact your Financial Institution immediately and report it to your local police. If you’re a YNCU member, contact our Service Excellence Centre at 1-888-413-YNCU at the first sign of fraud. Know that you are not alone. We are here to help!

You can also contact the Canadian Anti-Fraud Call Center at 1-888-495-8501.

Help us prevent fraud by sharing these tips to look out for with your friends and family!


June 1, 2023

this includes preventing fraud even when there are no signs of it happening.

Privacy breaches can be a nightmare to deal with and have rippling effects across a person’s life. They are becoming more frequent as technology improves and knowledge spreads, but here are a few things you can do to prevent this from happening to you.


When creating a password, avoid using names, important dates, and any other easily identifiable words. A combination of numbers, symbols, and three or four seemingly random words, like items you can see from your desk or out your window, make for those hard-to-crack passwords.


Choose questions that you will know the answer to but would be hard for even someone that knows you to guess. If you have a reliable memory, answers don’t necessarily have to be accurate to the question either.



  • Ensure notifications come into your phone and/or email to alert you when:
  • Bill payments or e-transfers are made to know when money is moving out of your account.
  • There is a new bill payee/e-transfer recipient.
  • There is a recent login to let you know if someone else has logged in without your consent.
  • There is a password, PAC or security question change.



  • First and foremost, stay calm!
  • If you still have access to your accounts, change your password and security questions as soon as possible. If not, lock yourself out by typing in something other than your password 4 times.
  • If you’re a YNCU member, contact our Service Excellence Centre at 1-888-413-YNCU, otherwise contact your Financial Institution to report it as soon as possible. If outside business house, leave a voicemail and follow up the next business day if you have not been contacted.
  • Contact Equifax (1-800-465-7166) and Trans-union (1-800-663-9980) to inform them as well. • Report to the Police – especially if there has been a loss. • Report to the Canadian Anti-Fraud Centre (1-888-495-8501).
  • Contact other authorities depending on what information

Click HERE for information on spotting the red flags of an online scam or watch this video from the Canadian Credit Union Association.

Know that you’re not alone. YNCU is here to help!

For expert advice, or even just a friendly ear when you need some financial guidance, reach out to your branch or book an appointment online.


May 1, 2023

it seems like you can’t visit a website these days without encountering fraud. Scammers are becoming smarter, refining their methods and strategies daily to trick people. When a tactic works, they polish it to double the rewards. After working in the same ‘industry’ for so many years, they have discovered some strong swindles few people can detect. If people don’t learn how to protect themselves from scams, these fraudsters will remain in business. 



Pressure to respond quickly or threats of closing your account or taking legal action.

Links directing you to login pages, requests to update your account information, or demands for your financial information.

Winning contests you’ve never entered, prizes you have to pay to receive or inheritance from long-lost relatives.

Receipts for items you didn’t purchase or updates on deliveries for things you didn’t order.

Incorrect (but maybe similar) sender email addresses, links that don’t go to official websites, and spelling or grammar errors, beyond the odd typo, that a legitimate organization wouldn’t miss.

Attachments you didn’t ask for, unusual file names, and uncommon file types.


Incorrect or blurry logos, image-only emails with no highlightable copy, and company emails with poor quality formatting (or none at all).

IF YOU SPOT ANY OF THESE RED FLAGS IN AN EMAIL don’t click any links, don’t reply or forward, and never open attachments. If you’re unsure, we recommend reaching out to the sender if you’re familiar with them through a different channel – retrieving the telephone number or email from their official website, for example.

Video courtesy of the Canadian Credit Union Association.