Scams

SIM Card Swap Fraud Expand/Collapse

Scammers are using SIM swapping and phone number porting to gain access to your email, social media and financial accounts; from there, they can access your personal information and data. With this information they may be able to apply for credit in your name, empty your bank accounts, impersonate you to defraud your contact list and more. In the meantime, you lose access to your mobile service, are typically locked out of all your accounts and are left scrambling. 

Stay diligent and protect yourself:

  • Avoid publishing personal information on social media (ex. date of birth, telephone number, postal code, spouse/pet names etc.)
  • Contact your phone provider and ask about additional security measures that may be available
  • If you lose mobile service on your device, contact your service provider immediately
  • Sign up for ALERTS. ALERTS can be set up to notifty you when changes are made, or someone logs into your account. Come in and see us in branch and we can help you get set up. Find out more about ALERTS by clicking here!
  • Remember that Cornerstone will never ask for personal information via email or text

For more information about this scam from the Canadian Anti-Fraud Centre, click here.

Vendor Email Compromise (VEC) Scam Expand/Collapse

This type of attack happens when a hacker poses as company employees or vendors to commit wire transfer fraud and try to leverage organizations against their own suppliers. How it works:

  • Scammers attempt to compromise business email accounts of vendors in a variety of ways, most common is phishing (a fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in an electronic communication).
  • Once the vendors click on the link, they're redirected to a phishing login page where they are asked to login using their credentials; once the credentials are entered, the attacker uses that information to redirect/forward the emails to themselves.
  • The attacker then monitors the inbox for any emails regarding invoices or payments; they will then duplicate these invoices and send a modified invoice with new banking details pointing to the attacker owned account.
  • The actual target customer is never phished or directly contacted, and the vendor's customer makes payment to the attacker’s bank account instead.
Protect yourself and your business:

  • Require all staff to verbally confirm all wire transfer requests. Encourage this practice even if the request appears to originate from a higher-level staff member or manager.
  • Call vendors and suppliers to confirm the legitimacy of invoices that require payment by wire transfer, especially if a new account number is requested. Make sure staff call the phone number from your file, not from the invoice provided.
 

Find Branch/ATM

Enter address, postal code or branch name