Beware of fraudulent emails posing as VCIB. Legitimate emails will only come from @vcib.ca and are not promotional.
Know our official communication channels
Cybercriminals sometimes set up lookalike email domains, websites, and even fake call centers in an attempt to defraud people by posing as trusted organizations and businesses. They may pose as someone you trust, like VCIB, and reach out to you out of the blue with attractive financial offers or rates to try to entice you into acting. They may request personal information or the transfer of funds to accounts they control, that could potentially result in the unauthorized access and theft of your sensitive information, including personal data and financial resources.
If you’re contacted by someone claiming to be from VCIB, make sure the person you’re talking to is legitimate. Our communication channels listed below will help you validate that you’re talking to the real VCIB.
Legitimate email messages from VCIB and Vancity will come from:
- @vcib.ca
- @vancity.com
If you receive a phone call and your caller ID says the call is coming from VCIB, keep in mind that phone numbers can easily be spoofed. Tell the caller you’ll call back, and hang up. Call us at one of the numbers listed below to ensure you’re contacting the real VCIB.
Our contact numbers are:
- Inquiries and Questions: 1-888-708-7800
- Telephone device for the deaf: 1-888-702-7702
- Visa Credit Card Cardholder Services: 1-844-266-8242
If you’re contacted by someone who says they’re with VCIB and offering you something you think is just too good to be true, reach out to us at info@vcib.ca or 1-888-708-7800 to validate the communication.
At Vancity Community Investment Bank, we’re committed to keeping your personal and financial information safe and protecting your security. For us, “security” means safeguarding your personal and financial information, and working with you to prevent fraud that could lead to losses for both you and your bank.
Common security threats
Online and mobile banking fraud
We live in a digital world where more people than ever before are banking online or on their mobile phones.
Online and mobile banking make daily banking fast and convenient, and we have implemented a number of tools to make your online experience secure. However, online and mobile banking is never 100 per cent safe. There are many fraudsters out there who’ve made it their business to fool you into sharing your financial information by using sophisticated tools that look real to most users.
In this section, we’ll go over the most common types of online and mobile banking fraud, share what we’re doing to protect you, and give you some quick and easy tips for protecting yourself.
Working together, we’ll make sure anyone who wants to cheat you out of your money won’t stand a chance.
Identity theft
Identity theft (sometimes also known as identity fraud) is one of the fastest-growing crimes in North America. Identity theft is a form of stealing another person’s personal information, and then assuming that person’s identity to access resources or obtain credit and other benefits in the victim’s name.
Just as someone can steal your personal identity, your business’ identity can be stolen. Once stolen, thieves can use your business name and financial information to open a bank account, apply for credit, and run up expenses. Identity thieves can use your good name for all sorts of problematic activities, so it’s critical that you take the necessary steps to protect your personal information.
If you think somebody is trying to illegally obtain your personal or financial information or think you have been a victim of identity theft, contact one of the appropriate areas below immediately:
- Visa Credit Card Cardholder Services at 1.800.611.8472
- Foreign Exchange Services at: 1.800.663.1435
What we do to protect you
Vancity Community Investment Bank, has implemented a number of privacy practices and procedures to prevent unauthorized access, use or manipulation of your personal information, including:
- requiring all employees sign a confidentiality agreement
- implementing electronic security measures such as passwords, pass codes and, where necessary, encryption
- limiting physical access to confidential areas in our buildings
- requiring contractual agreements with our business partners that ensure confidentiality and
- automatic logoff of online banking after an extended period of inactivity.
Our online banking Personal Access features also help protect you by asking you to verify your identity so we can prevent criminals from using your identity or your personal financial information. The features also help ensure that you log in to our secure website and not a fake site. For more information hyperlink to content below.
Top five steps you can take to protect yourself
- Only provide your personal information to organizations that you know and trust.
- Shred unwanted personal documents such as transaction records, credit applications, insurance forms, cheques, financial statements and tax returns.
- Check your credit card and bank account statements regularly for suspicious or unrecognizable transactions. If you notice anything suspicious, report the transactions immediately.
- Check your credit report every year. Services include: Equifax Canada (1.877.227.8800) or TransUnion Canada (1.877.525.3823).
- Report email account requests. If you receive an email requesting your account information, do not provide any information or respond to the email. We never request personal account information by email. Guard your personal information carefully and report any email requests
Top 5 fraud prevention tips
- Minimize the number of credit cards you carry and never leave them in your car.
- Be cautious when giving out personal information on the phone, through the mail or over the Internet.
- Keep documents with personal information in a safe place and shred those you no longer need.
- Pay attention to your billing cycles and monitor your accounts for unusual activity.
- Change passwords regularly on your enviro Visa card, bank and phone accounts.
Malware and spyware
Malware – short for “malicious software” – includes computer viruses, worms, Trojan horses, spyware and other damaging and unwanted software. This kind of malicious software is designed to enter and damage a computer system, without the user’s knowledge or informed consent, in order to steal personal information, such as account numbers, user names, passwords and credit card numbers for the purpose of fraud.
Spyware is a general term used for software that – as the name suggests – “spies” on computer users for a number of possible reasons: to display advertisements (also called “adware”), collect personal information or change the configuration of a user’s computer, generally without formally or adequately obtaining your consent.
Not all software that provides ads or tracks your online activities is bad. For example, you may sign up for a free music service but “pay” for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, that may be a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.
However, other kinds of spyware make changes to your computer that can be annoying and can cause your computer to slow down or stop working outright. These programs can change your web browser’s home page or search page, or add additional components to your browser that you do not want or need. These programs can also make your original settings hard to restore. In some cases, spyware is also downloaded when people download – ironically – fake anti-virus software.
There are a number of ways spyware or other unwanted software can get on your system. A common trick is to covertly install the software during the installation of other software you want such as a music or video file-sharing program.
What we’re doing to protect you
At Vancity Community Investment Bank,, our priority is to ensure we provide you with a secure means of communicating and banking with us online – with features like encryption, online authentication and personal access features, and more.
Top five steps you can take to protect yourself
- Use a firewall. While most spyware and other unwanted software come bundled with other programs, or originate from unscrupulous websites, a small amount of spyware may be placed on your computer remotely by hackers. Installing a firewall or using the firewall that’s built into your operating system provides a helpful defence against these hackers.
- Update your software. One way to help prevent spyware and other unwanted software is to make sure all your software is up to date. The latest versions of Windows XP and Mac OS X both can be setup to receive updates automatically, ensuring you receive all important security updates.
- Download and install antivirus protection. Most Internet service providers (ISPs) now offer antivirus and antispyware software. In addition, Microsoft currently offers free antispyware.
- Adjust your web browser’s security settings. You can adjust your web browser’s security settings to determine how much – or how little – information you are willing to accept from a website.
- Surf and download more safely. The best defence against spyware and other unwanted software is to not download it in the first place. Our tips:
- Only download programs from websites you trust.
- Read all security warnings, license agreements and privacy statements associated with any software you download.
- Never click “agree,” “cancel” or “OK” to close a window. Instead, click the red “x” in the corner of the window, or press the Alt + F4 buttons on your keyboard to close a window.
- Be wary of popular “free” music and movie file-sharing programs, and be sure you clearly understand all of the software packaged with those programs.
Malware and viruses
Con artists and fraudsters are becoming more sophisticated in finding ways to access your personal and financial information online without your knowledge. One of the most insidious methods is through the use of unwanted, malicious software – generally referred to as malware – that’s installed without your knowledge on your computer. This can happen when you go to certain websites, download videos or files, etc.
These malware tools have different functions, but all are designed to extract valuable website use patterns, personal information and passcodes, without the knowledge or consent of the user. Other forms of malware include computer viruses and rootkits, worms, adware, Trojan Horses, spyware and other damaging and unwanted software.
While malware can be tough to detect – often installing on your computer when you download software or a game from the web – you aren’t defenseless against it. Find out more about spyware, viruses and other forms of malware, and what you can do to protect yourself and your computer.
Payment Card (prepaid and credit) fraud
“Card skimming” is an illegal act whereby your payment card magnetic stripe information is stolen or copied without your authorization for the purpose of creating a counterfeit card to make fraudulent purchases in stores, at ATMs or online. Most often this data is collected when magnetic card reading devices are attached to legitimate point of sale pin pads that have hidden cameras that obtain your PIN.
Other types of credit card fraud include:
- Internet or telephone fraud, where fraudsters use stolen credit card information through these channels to make purchases
- identity theft, where stolen identification information is then used to apply for a credit card
- lost/stolen card report scam, where the fraudster reports the card lost or stolen and asks for a replacement to be mailed to their address. They typically make a few transactions prior to making the report to appear as the legitimate cardholder
- non-receipt, where stolen credit cards are intercepted in the mail and activated by the thief.
If you think you may have been a victim of card skimming or another kind of payment card fraud, contact us the Card Holder Care Centre at 1.800.611.8472
How we protect you
Chip and PIN
We’ve implemented the latest chip and PIN technology on our Visa credit cards that gives you an added layer of security. These cards contain an embedded computer chip which stores and processes data. The chip stored encrypted information that is virtually impossible to copy and can only be used when combined with your personal identification number (PIN).
Chip and PIN technology has proven itself as a powerful way to reduce fraud in Canada and other parts of the world. While chip cards have improved security over purely magnetic stripe cards, no technology is 100 percent invulnerable to fraud, and the magnetic stripe on a chip card can still be compromised. Always be vigilant about protecting both your cards and your PINs from others.
Please note that chip and PIN is not yet available on Prepaid Visa gift cards in Canada.
Additional Protection:
Visa’s zero cardholder liability – protection from unauthorized use
Verified by Visa – protection while shopping online
Top five things you can do to avoid payment card fraud
- Under no circumstances provide anyone with your PIN. Provide personal information only when you are sure you know who you are talking to and there is good reason to provide it, and give your credit card information only to websites you trust and know to be legitimate.
- Treat your cards like cash and make sure you never lose sight of them.
- Use your hand or body to shield your PIN when you are conducting transactions at an automated teller machine (ATM) or at a point-of-sale terminal. If a machine looks like it’s been tampered with, don’t use it and alert the vendor.
- Check your card statements regularly. Always report unauthorized or suspicious transactions to your financial institution immediately. Monitor your account activity by using our online banking or mobile app.
- If your Vancity Community Investment Bank (formerly Citizens Bank) credit card is lost or stolen contact us immediately at 1.800.611.8472
Phishing, smishing and fraudulent emails
Phishing is a type of online deception, using fraudulent emails sent to unsuspecting users. It’s designed to steal personal data, such as credit card numbers, passwords or other account information, by masquerading as a legitimate financial institution.
In a typical phishing incident, a con artist will send you a fraudulent email message that appears to come from websites you trust – like Vancity Community Investment Bank, or your phone company – and will request that you click on a link where you will be asked to enter your online credentials and provide personal information through a fraudulent website, masquerading as a legitimate one. The thief will then use the information they receive to access your bank or credit card accounts, spend your money or steal your identity.
Phony emails and websites often include official-looking logos and identifying information fraudsters have taken directly from legitimate websites. These copycat websites can look very authentic and are often where people unwittingly send personal information to con artists.
Smishing (SMS phishing) is a type of mobile banking fraud and a variant of the email phishing scam which uses text messages to fool you into sharing your financial and personal information. The message may say it is from Vancity Community Investment Bank, Visa and that you need to call or link to an Internet site to unlock your account. You will then be asked to provide personal information, often including your account details.
What we’re doing to protect you
Nothing is more important to us than the security of your personal information. If our employees or customers identify a phishing site, we work to bring down the fraudulent site as quickly as possible.
Never respond to unsolicited requests for banking or personal information. Vancity Community Investment Bank never solicits account information from customers by email. If you receive an email or a text message that appears to be from Vancity Community Investment Bank, asking for account information, please consider the email to be fraudulent.
Top five steps you can take to protect yourself
- If you think you’ve received a phishing email message, do not respond to it, and report it immediately to the company being faked or “spoofed”
- Never click links in email messages unless you are sure of the destination. Links in phishing email messages often take you to phony sites that encourage you to transmit personal or financial information. Even if the address bar displays the correct address, don’t risk being fooled – con artists can display a fake URL in the address bar on your browser.
- Never enter personal or financial information into pop-up windows. Simply close the pop-up windows by clicking the X in the top right corner of the window (a “cancel” button may not work as you’d expect).
- Check the security certificate before you enter personal or financial information into a website. You can do this in most web browsers by checking the yellow lock icon on the status bar. If the lock is closed, then the site uses encryption to help protect any sensitive, personal information. If you have an up-to-date browser (which we recommend you always do), look for the green bar.
Viruses and rootkits
Computer viruses are software programs deliberately designed to interfere with computer operation, record, corrupt or delete data, or spread themselves to other computers and throughout the Internet. Viruses often slow things down and cause other problems in the process.
Basic viruses typically require unwary computer users to inadvertently share or send them. Some viruses that are more sophisticated, such as worms, can replicate and send themselves automatically to other computers by controlling other software programs, such as an email sharing application. Certain viruses, called Trojans (named after the fabled Trojan horse) can falsely appear as a beneficial program to coax users into downloading them.
A rootkit is a stealth program installed on your computer that gives a hacker full control of your system and is not detected by anti-virus software.
What we’re doing to protect you
At Vancity Community Investment Bank, our priority is to ensure we provide you with a secure means of communicating and banking with us online – with features like encryption, online authentication and personal access features, and more.
Top five steps you can take to protect yourself
- Keep your computer current with a firewall.
- Ensure the latest updates and industry standard antivirus tools are loaded on your computer.
- Stay current about recent threats, and use safe computing practices when surfing the Internet, downloading files, and opening attachments.
- Back up your system regularly. No computer is invulnerable from viruses, so make sure your data is backed up frequently, so you don’t lose your files if a virus takes hold.
- Never open an email attachment from someone you don’t know, and avoid opening an email attachment from someone you know, unless you know exactly what the attachment is. The sender may be unaware that it contains a virus. Before you open the attachment, scan it with antivirus software.
Report an incident
If you are a Vancity Community Investment Bank member and think you may have been the victim of fraud, or that the security of your personal and financial information has been compromised, report the incident to us immediately:
- Visa Credit Card Cardholder Services at 1.800.611.8472
- Foreign Exchange Services at: 1.800.663.1435
Other agencies
If you have been a victim of fraud, we also encourage you to report the incident to your local police agency in addition to the Canadian Anti-Fraud Centre. In addition to monitoring financial crime and fraud, their website provides good information on fraud prevention.
- Reporting Economic Crime Online: An integrated partnership between international, federal and provincial law enforcement agencies.