A common way for Internet scammers to obtain your personal information is through a method called phishing. Usernames, passwords, banking information and credit card details are phished through email or instant messaging. Phishing works by sending communications, which appear to be from your financial institution, but they are not. You are asked, supposedly by your financial institution, to log in to your online banking to verify account information. Often some type of security concern is cited as the issue. The fake email instructs you to click on a link that takes you to a non-legitimate version of your online banking site – one that is largely indistinguishable from the legitimate site – and you’ll be asked to enter your credentials.

Phishing emails may include:

• Warnings about account closures
• Requests to update your information
• Offers to register for a new service
• Offers for pre-approved credit cards
• Free virus-protection programs

Once you click on the link, which directs you to a phishing website, you’ll be prompted to enter personal or banking information. Phishing scams seek personal details, such as your address, social security number or mother’s maiden name. The details obtained will then be used for identity theft.

Scam emails purporting to be from your credit card company or financial institution often have some telling signs, including:

• Poor spelling or grammar
• Alarmist content, warning that your account will be closed if you don’t provide your banking or personal details immediately
• Notices that you’ve won a prize and are required to pay a fee in order to claim it

Pharming

Another way for hackers to get their hands on your personals details is by pharming them. Pharming occurs when hackers use a malicious code on your PC, which compromises your computer’s host file and redirects you to fake websites. The malware hides the fraudulent URL, cloaking it in the legitimate one that appears in your browser. With pharming, the dishonest redirection of URLs happens even when you type correct URLs directly into your browser, making you think that you’re on the correct website when you are not. Once there, you are asked to enter your online banking credentials or account information, which hackers take and use for criminal activity.

How to Avoid Phishing and Pharming Scams

We will never send you emails or communications asking you to verify or provide your online banking details. The best way to protect yourself is to never use a link provided in an email to access your online banking (because we don’t send those; scammers do). Do not open emails or email attachments from unknown sources. Scan email through your anti-virus software.

Always type your financial institution’s website address directly into your browser and remember to look for confirmation that you are browsing securely. The letter “s” in ‘https’ indicates you are navigating in a secure site, in comparison to the open and unprotected ‘http’ URLs. Look for the ‘https’ when online shopping, too.

Don’t feel panicked when phishing emails caution of immediate account closures if your banking details cannot be verified. Don’t believe emails warning that your account has been compromised or that you’ll miss out on a great deal if you fail to act immediately. If you are concerned, call or visit one of our customer service representatives.

Install anti-virus software on your computer to protect your information, money and privacy. Such software detects viruses and cleans your computer so that harmful viruses do not spread. Set up your anti-virus to run frequent scans and update the software as soon as it is required. Ensure you have real-time scanning of every email and every file you download.

Malicious software (malware), spyware, worms and Trojans are the same class of destructive viruses; just with different names. Nobody wants a computer virus. They can steal your personal information, take over your PC and use your computer to attack other people’s computers. Your PC can become infected through email attachments, downloading infected content or visiting harmful websites.

Spyware is exactly what it sounds like – tracking software that is downloaded to your computer (without your knowledge) when you visit certain Internet sites. Secretly, it gathers information about you and your browsing habits. This information can be trivial or it can include passwords and personal data that you wouldn’t want criminals to get their hands on. It can also interfere with user controls and disable legitimate anti-virus programs.

The best way to protect your computer against spyware is smart browsing. Stay away from sites that look unsafe and avoid streaming or downloading content from untrustworthy sources. Many anti-virus products offer targeted spyware solutions that inspect your operating system, installed programs, downloads and files.

One of the most common viruses to watch out for is known as scareware. These scams pop-up on your screen and display alarmist warnings, telling you a virus has invaded your computer. Scareware prompts you to download (and often pay for) fake anti-virus software to remove the non-existent viruses. Scareware is a scam that tries to trick you into paying money in exchange for nothing.

You can protect against scareware by keeping your anti-virus software up-to-date and by being judicious about what you choose to download to your computer. You should also familiarize yourself with the interface of your legitimate anti-virus program, so you won’t be fooled if one of these pop-ups appears.

On December 7, 2021 we introduced 2-Step Verification, a new layer of security to the way you log-in to online banking. Effective January 6, 2022 2-Step Verification enrollment is required to access online banking.

How it works

2-Step Verification replaces the use of security questions and answers with dynamically generated one-time verification codes. Verification codes are sent to you via text message (SMS) or email to confirm your identity during high-risk logins, such as a login from a new device or location.

It's more secure because of the use of generated verification codes, verification codes are inherently more secure than standing challenge questions and answers. These codes prevent fraudsters from being able to access your account in the event of your login credentials being compromised (lost or stolen).

How do I set up 2-Step Verification?

1. When logging into Online Banking via a Desktop or Mobile App, you will be presented with an Enable 2-Step Verification enrollment screen.
2. Register either a mobile phone number or email address by clicking the corresponding Send Code button. A one-time verification code is sent in a notification to the mobile phone or email address that was entered.
3. Then Enter Your Verification Code in the screen now displayed and awaiting input of the code. Once the verification code is entered, select Continue to submit the code for verification.
4. When the submitted verification code is verified, the "Enter Your Verification Code" screen is updated with the message “Enrollment complete”, confirming that the enrollment was successful. Select the Continue button to end the enrollment process and continue to Online Banking.

Future High-Risk Logins

After successfully enrolling in 2-Step Verification, whenever authentication is stepped up for high-risk logins (ex. login from a new device or location), you will be presented with the Enter Your Verification Code verification screen. At the same time, a one-time verification code will be sent to the mobile phone or email address you registered during enrollment. If you set up both an email address and mobile phone number, you will be asked where you would like the one-time verification code to be sent.

Maintenance

At any time after enrollment, members can add or edit the mobile phone number and/or email address used in 2-Step Verification notifications. This can be found in the Profile and Preferences section of Online Banking on a Desktop or the Settings section in the mobile app.

Frequently Asked Questions

Is enrollment for 2-Step Verification mandatory for all members?

Yes. All members who use Online Banking, except for Small Business Service users, must enroll for 2-Step Verification.

Will I still need to remember my previous security questions?

No. After enrollment in 2-Step Verification, challenge questions and answers are no longer relevant.

Can I register for 2-Step Verification via both SMS and email?

Yes. During the initial enrollment, members can register only one of either a mobile phone number or an email address to receive 2-Step Verification notifications. However, after enrollment, 2SV contact information can be updated from the Profiles and Preferences screen on a desktop and in Settings of the mobile app.

Will duplicate verification code notifications be sent both by SMS and email when I have both a mobile phone number and an email address registered under 2-Step Verification?

No. During each stepped-up authentication where a member has multiple notification channels registered, the user will be presented with a Select Verification Method screen where they must select which channel (SMS or email) they wish to be notified through.

How long before a verification code notification expires and is no longer valid?

The verification code is valid for 10 minutes from the time it is generated. If the code is entered and submitted after that time, an error message will be displayed.

Can I register for more than one phone number or email address?

Not yet. Currently, 2-Step Verification is limited to a single mobile phone number and a single email registration.

Will 2-Step Verification be used to authenticate other high-risk activities besides high-risk logins?

Not yet, but it is on our provider's roadmap to extend Increased Authentication to other high-risk activities such as changing sensitive data like bill payee profiles, customer contact information, and Interac e-Transfer® recipient profiles or completing high-risk payments or transfers.

Are there any activities unique to Small Business (MDSB) members that will be authenticated under 2-Step Verification?

Not yet, but it is on our provider’s roadmap to review MDSB-unique activities, such as high-risk business transactions, for inclusion in the planned extension of Increased Authentication for authenticating other activities besides logins.

Is there an option for me to designate a device as a “trusted” device, exempting logins from that device from stepped-up authentications?

No. Any login assessed as high risk will be subject to stepped-up authentications, regardless of the device being used to log in from.

I have opted for 2-Step Verification and lost my mobile phone or can't access my email. I tried to update my 2-Step Verification settings through Online Banking but cannot complete this because the verification code notification is going to the lost phone or locked email. What can I do?

If you are unable to access the mobile phone or email you used during enrollment, call NPSCU’s Member Contact Centre @ 1-877-787-0361. We will verify your identity and reset your 2-Step Verification. You will be prompted to re-enroll when logging into Online Banking.

Self-Serve Reset Password is a digital banking feature that allows you to reset your Online Banking Password whenever you need to, at the time you need to.

Note: Currently, Self-Serve Reset Password is only available for Personal Members. Small Business Members will need to continue to call our Member Contact Centre to reset their password.

How do I reset my Online Banking Password?

1. To reset your Password, select the Forgot Password or Locked Out? link on the Login screen.
2. Selecting Forgot Password or Locked Out? link will open the "Please Verify Yourself" screen. Complete the verification process by following the prompts.
3. A Success screen will appear once you have successfully completed all of the necessary steps.  Now you will be able to login to Online Banking using your new password.