Phishing and Spoofing

You may have experienced or read about incidents of unsolicited email messages masquerading as legitimate companies that trick recipients into divulging personal and financial information. These "phishing" (also called "spoofing") emails lure you to fake websites. These websites may look like legitimate companies or government agencies that may ask you to disclose confidential, financial and personal information, like passwords, credit card account numbers or social security numbers.

The information below is intended to help you become more aware of the ways in which criminals are attempting to obtain your information and how to protect yourself from becoming a victim.

Email Fraud

Email and website fraud, often referred to as “phishing” or “spoofing,” involves a criminal sending you an email or pop-up advertisement that claims to be from a legitimate company or organization that you deal with. The email may instruct you to update or validate your account information, including Social Security number and passwords. The most common type of “phish” is an email that threatens dire consequences or states the information is needed urgently if you do not take immediate action to get you to respond quickly.

Typically, you are instructed to respond via email or you are directed to a phony website that looks like the site of the legitimate business. By following the email instructions, you are unknowingly providing your personal information to a criminal, not to the legitimate company. The information is then used to transfer money, make payments, and commit other illegal acts.

You should never respond or reply to e-mail that:

  • Uses a general greeting and does not identify you by name.
  • Contains typographical or grammatical errors.
  • Requires you to enter personal information directly into the e-mail or submit that information some other way.
  • Threatens to close or suspend your account if you do not take immediate action by providing personal information.
  • Solicits your participation in a survey where you are asked to enter personal information.
  • States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information.
  • States that there are unauthorized charges on your account and requests your account information.
  • Asks you to enter your User ID, password or account numbers into an e-mail or non-secure webpage.
  • Asks you to confirm, verify, or refresh your account, credit card, or billing information.

First Nations Bank will NEVER ask you for any private information (such as account numbers, passwords, social security numbers, etc.) through an unsolicited email. You should never send personal identification numbers or confidential information by email as it is not a secure method of contact.

Fraudulent Websites

Often used in conjunction with email fraud schemes, online criminals will direct you to a fraudulent website that resembles the site of a legitimate company or organization. In many cases, there is no easy way to tell that you are on a phony website because the URL address will be very similar to that of the legitimate business. The address of the phony website may use a common misspelling of the company's name or may add a symbol, number or word before or after the name. Therefore, even if you do not receive an email directing you to the phony site, you may end up at the phony site simply by mistyping the address of the legitimate site.