About Phishing

The Basics

Phishers love to impersonate:

First, they impersonate financial institutions to collect sensitive financial and personal information such as account numbers, credit card numbers, account usernames and passwords, and social insurance numbers.

Then they impersonate you: they attempt to use this information to charge items to commit identity theft, charge items to your account or borrow money under your name.

Letters from ”government ministers” of foreign countries, or even private citizens claiming to need help transferring large sums of money are one form of phishing.

How they do it

Phishers are gutsy: by using the logos and letterhead of well-known financial institutions, phishers are able to convince up to five per cent of their target victims to respond to them.

You receive an unsolicited email claiming to be from your financial institution asking you to provide them with personal financial information for a variety reasons such as:

  • Register you for a new service
  • Protect you from fraud
  • Update or verify your information due to a security or computer problem
  • Award you a prize/tax refund
  • Sign you up for a special deal or promotion

You may then be asked to click a link to be directed to a website where you can provide the requested information, fill out a form or send the information by replying to the email.

UCU will never ask you to provide sensitive financial information by email.

Everyone is vulnerable

Phishers are becoming increasingly sophisticated in their tactics and have successfully targeted and scammed even savvy Internet users. Your risk of becoming a victim of phishing is not linked to age, race, income or geographical location.

What can I do to protect myself?

There are three easy steps to safeguard yourself against phishing: Stop. Look. Call.


  • Don’t yield to the urge to respond immediately and provide the requested information for fear that "your account will be suspended" or you’ll lose a great deal or offer if you don’t. No matter how upsetting the threat or exciting the offer, take the time to check out the information more closely.
  • Does it make sense? Remember, Ukrainian Credit Union Limited would never ask you to provide sensitive financial information by email. Legitimate financial institutions already have this information in their records.


Phishing emails don’t all look the same. However, here a few tips to bear in mind when examining a suspicious email.

  • Don’t be deceived by the use of logos in an attempt to give the email and websites authenticity. Phishers may use our logo in their personation efforts.
  • There may be a link in the email leading to a cloned replica of our website; this website address will often start with http:// instead of https://, which is one warning sign that the site is not secure and likely fraudulent.
  • A legitimate site will have a padlock icon on the lower right corner of the screen and you should be able to view the security certificate details for the site by clicking this icon.
  • Many phishing emails come with a form within the body of the email, with a request to fill in the personal financial information.
  • In some cases, the phisher may ask you to provide the requested information by replying to the email.


If you receive a phishing email that claims to be from us, immediately call our Call Centre at   416.922.4407 or 1.800.461.0777 to report it. This is the surest way to confirm your suspicions and also enable us to protect other members. We will ask you about details of the email you received and communicate this to our corporate security section for follow-up.