Security and Fraud:

Part of financial stability is recognizing scams and fraud before you become a victim.

It’s at times like this that cyber thieves find opportunities to take advantage of the situation. The Winnipeg Police Service has received reports of an email scam related to the current COVID-19 situation, and there are many other scam texts and emails in circulation. We encourage our members to be extra diligent:

  • Do not click on any links in emails from someone you do not know or organization you do not recognize.
  • Know that CCCU will never send you unsolicited emails or phone calls asking for passwords, PINs, credit card numbers, or account numbers.
  • Don’t give out your personal or financial information for any reason unless you have initiated the transaction with a trusted source.
  • Don’t share your passwords or security question answers for any reason.
  • Now might be a good time to ensure that your passwords and answers are unique, difficult to guess, and follow best practice guidelines.
  • Visit our Security page for cyber security tips and best practices and know that we are remaining vigilant in managing risk from our side.

With the current situation comes the potential for a higher risk of fraudsters trying to take advantage. The following are a some examples to watch out for:

Malicious Websites

There have been many fraudulent COVID-19 themed websites launched since the pandemic emerged, and recent research has estimated that 50% of the coronavirus themed domain registrations are likely from malicious actors. Many of these sites have leveraged John Hopkins University’s interactive map that shows you how COVID-19 is spreading throughout the world. The fraudulent websites are using real-time data from the John Hopkins site, but are also prompting users to download a malicious application.

Only use trusted sources for information related to COVID-19. Some examples of trusted sources include:

False Information Emails
Fraudsters have been sending emails claiming to be from legitimate organizations, government or public health agencies (e.g. World Health Organization, Public Health Agency of Canada) to provide information about the coronavirus. The email message will advise the receiver to click a link or download an attachment for the information, but the user will likely download malware onto their computer network or device. As with other cyber-attacks, this malware could allow cybercriminals to take control of a device, log keystrokes, or access personal information and financial data.

Medical Advice Emails
Phishers have sent emails that offer bogus medical advice to help protect you against the coronavirus or cure you of it. Users will be provided with a malicious link to download expert information that can heal them or a link to purchase a fraudulent product (e.g. at-home COVID-19 test).

Corporate Policy Emails
Cybercriminals have also targeted employee workplace email accounts. With many workers currently working from home, some corporate cybersecurity measures may not be available, and the criminals are trying to take advantage. Employees may receive emails claiming to be from HR, advising users to click on a link to read the company’s updated Infectious Disease Policy. If you click on the fake company policy, you’ll download malicious software.

Virus Exposure Emails
Malicious actors continue to craft aggressive, evil email attacks tailored to leverage mounting fears and anxieties surrounding the COVID-19 global pandemic among employees in the office and at home.

As an example, a new phishing email scam is circulating warning the recipients that they have been exposed to the Coronavirus through personal contact with a "colleague/friend/family member" and directing them to download a malicious attachment and proceed immediately to the hospital.

The attachment, an Excel file, is billed as a "pre-filled" form that victims should bring with them to the hospital. In fact, that form is a malicious document.

Please continue to use caution and DO NOT click on any emails or attachments coming from unknown sources.

Visit our Security page for cyber security tips and best practices and know that we are remaining vigilant in managing risk from our side.

We thank you for your patience
while we work through additional call
and email volume from our members.

Effective Monday, May 25, all suburban located branches will reopen to members, with enhanced safety and security measures implemented, from 10:00 a.m. to 3:00 p.m. Downtown branches will remain available via phone only. Find out more.