Double up on security with Two-Step Authentication
At Meridian, we’re committed to helping every Member live their best life. Part of our commitment involves keeping you informed about potential risks and scams, while providing you with access to support. Learning about Two-Step Authentication (“2FA”)/One Time Passcode (“OTP”) scams and recognizing the signs and tactics of this fraud can help protect you and your loved ones.
What is a 2FA/OTP Scam?
In this scenario, scammers call a victim and impersonate a legitimate organization, such as the victim’s bank. Scammers sometimes pretend to be the employee of a financial institution, calling about a suspected fraudulent transaction or identity theft concern. Usually, the scammers have already managed to gain access to their victim’s username and password through phishing methods. When the scammers start the login process, an OTP is sent to the victim.
To complete the final step to access the victim’s account, scammers then contact the victim to obtain the OTP that was just sent to their phone. The scammers often start the OTP request by stating that “the OTP is required for me to verify your identity.” Once scammers have the OTP/login information, they can use it to gain access to online banking and deplete funds from the account.
How to spot a 2FA/OTP Scam
-
Meridian may send an OTP to verify your attempts to gain access to your Online Banking account. Therefore, if you suddenly receive an OTP, but made no attempt to access Online Banking, it may indicate attempted unauthorized access.
-
Anyone asking you to share or “confirm” your OTP should be treated with suspicion. Meridian will never ask you to disclose your OTP.
Protect yourself with these steps
- Never share your OTP with anyone, under any circumstances. OTPs are confidential and providing them to an individual will grant that individual access to your account. Meridian will never ask you to share your OTP with us.
- Never provide remote access to your computer.
- Always verify the website address to ensure it is legitimate before entering your OTP into a webpage.
- Never provide information to individuals you are unable to authenticate on a call. If in doubt, hang up and call back via an official phone number, such as the number on the back of your debit or credit card. Never use a phone number without verifying it independently such as through an official website (Meridiancu.ca).
- Always use unique and strong passwords for your accounts and change your passwords frequently. Scammers often re-use passwords and login information obtained from previous attacks, so unique passwords, updated regularly, will help to protect you.
- Never click on suspicious links or attachments, even if the sender seems legitimate.
- Do not use public WiFi to conduct financial transactions or transfer sensitive data. Instead, use secure WiFi networks that are trusted and encrypted.
Tip for added security: If you have a smart phone, we suggest using the Meridian mobile app as your notification method (instead of a phone call or text message). To enable this feature, sign in to the mobile app, tap the settings menu, select “Two-Step Authentication,” and choose “Meridian App Notification.”
Learn more about protecting what’s yours
If you encounter a scam, or believe you have been the victim of fraud, Meridian recommends that you:
- Report the incident to your local police immediately
- Talk to our Fraud Team at 1-866-592-2226
- Report the incident to the Canadian Anti-Fraud Centre
Legal Notice and Disclaimer of Liability
Information provided by Meridian Credit Union Ltd. in this article is for informational purposes only, and we cannot guarantee it is accurate or complete or current at all times. This information is not intended to provide financial or legal advice and should not be relied upon in that regard.
