Fake Google ad phishing scam
August 14, 2020
Late last month, Sunova Credit Union, and several of our members, were the unfortunate victims of a ‘phishing’ attack, which resulted in our online banking website being impersonated, and a fake google ad being taken out using our name (like the top ad shown below). With this style of attack, the fraudsters impersonate a business and attempt to lure people to input personal information.
The site was reported as fraudulent as soon as we were aware of its existence; unfortunately, by that point, several members had been impacted by the scam. On August 18, we were made aware that another fraudulent Google ad has appeared. It has also been reported and we are waiting for it to be removed.
This type of scam is not a security breach, and only those who clicked on the link and entered their information to the false site were affected, however, out of an abundance of caution and to help protect our members’ funds, we are temporarily disabling the e-transfer feature and external transfers from online banking until we can be certain the fraudulent site is taken down.
While we can’t always prevent scammers from creating new phishing tactics, we would like to remind everyone of a few ways to protect yourself from phishing scams.
Phishing scammers tend to create a false sense of urgency
Scammers want you to act fast and respond in fear. Or, in the case above, they will try to take advantage when you might not be paying attention to the details of the link you’re clicking on. Always take time to check links, email addresses, and fact check information in messages. It is recommended that you download our app or bookmark our site (sunovacu.ca), rather than using google to access online banking. That way, there’s no risk of accidentally clicking on a fraudulent site that appears similar to ours.
We will never ask for account information over text or email
Sunova (and any financial institution for that matter) will never text or email asking for personal account information such as passwords. Only you should know your password.
Google ads and messages from Sunova
As a company, we do run Google Ads to promote products and services; however, we never run ads that promote or link directly to our online banking site. Our ads will link to our main, public-facing website, or an article within it, which is www.sunovacu.ca.
As well, whenever you are accessing our online banking site be sure to verify the URL is correct before inputting your password. The site URL should be https://online.sunovacu.ca/.
If you ever get a message claiming to be from Sunova, and, if you are unsure if it’s real, type our website out in your browser to come directly to our website and contact us with the information we provide there.
You can find more information about online safety on our website at www.sunovacu.ca/personal/banking/banking-safety/
What to do if you’re a victim of a phishing attack
We hope this never happens, but, if you notice any suspicious transactions or fraudulent activity on your account, change your online banking password immediately and contact us right away.