Frequently asked questions about phishing (FAQ)

Click on a question to show or hide the answer.

If you receive a suspicious email or text message:
  • Don't click any links, texts or images.
  • Don't open any attachments or activate any document macros.
  • Don't download or authorize any images.
  • Don't reply to the sender. It only confirms that your email is valid.
  • Forward the email to You will receive an automated reply
  • Delete the email.
Change your password for the site right away.
  • Contact UNI or call:
    • In Canada and the U.S.: 1 877 722-2343
  • Contact Visa Desjardins if you provided any credit card information:
    • In Canada and the U.S.: 1 866 335-0338
    • Other countries: 514-397-4610 (call collect)
  • Forward the email to fishing@desjardins.com0. You will receive an automated reply.
  • Delete the email.
Also contact credit agencies such as Equifax (1-800-465-7166) and TransUnion (1-877-713-3393), so they may add a note in your file alerting credit grantors that you may have been the victim of fraudulent activity.

Test your web security knowledge and behaviour
Phishing is a ploy that scam artists use when they send mass emails or text messages that look like they're from a financial institution or legitimate company.

The emails and text messages are used by ill-intentioned people to steal your personal information or install malicious software on your computer, prompting you to click links or open attachments.

This kind of attack can cause serious damage: you could lose your data and the thieves could steal your personal information to commit further fraud.

Protect yourself by being vigilant and recognizing phishing attempts. A phishing email can take many forms but one common feature is that it's always unsolicited.

Even though phishing is usually associated with emails, some scammers use the telephone and call potential victims, posing as a financial institution employee, investigator or police officer.

The term "phishing" is a variation on "fishing", in the sense it is done at large with the hopes that someone takes the bait and supplies the personal information requested. The term was inspired by the bad spelling of the first phishing attempts.
UNI, may have contacted you by email or text message for various reasons: promotion of various products, client satisfaction survey, etc. However, UNI never sends unsolicited emails or text messages that prompt you to:
  • reveal confidential information like your debit card number, PIN, birthdate, driver's license number, social insurance number or password.
  • go to a website where you have to log in with your username and password (e.g., AccèsD) or enter confidential information.
We recommend that you take the time to read the email before doing anything else. To learn more about how to recognize a phishing email, see 3 telltale signs of a phishing email.
Scam artists may have obtained your e-mail address from a variety of sources.
  • They may have used a spam mailing list on which your address is listed with or without your consent. (These lists are sometimes created from online contest entries. Always be sure to check out the legitimacy of a company before you enter their online contest.)
  • They may have obtained your address via spyware installed without your knowledge on your PC. (Make sure your computer is protected against spyware.)
  • They may have created hundreds of thousands of e-mail addresses randomly by combining first and last names and known domain names, one of which happens to be your personal e-mail address

Once scam artists find an e-mail address that works, they may be tempted to send e-mails to that address over and over again.

Though phishing is generally associated with e-mail, some computer criminals use the phone as well. In this case, pirates call victims on the phone and pose as a financial institution employee, an investigator or a police officer.

To learn more about how to recognize a phishing email, see 3 telltale signs of a phishing email.
In order for attempted phishing to be successful, fraud artists have to create a phony Web site on the Web.

If you use a recognized search engine, you may come across phony websites in your search results.

UNI always takes immediate action to shut down these fraudulent sites but sometimes, a few minutes or a few hours may go by before the appropriate authorities and ISP providers can act.

Never go to AccèsD via a search engine. Always type in your address bar and click on the AccèsD link.

If you think you may have been on a fraudulent website and provided personal information, see What do I do if I've replied to a fraudulent email or text message?
No, your account and the AccèsD service on which you make online transactions does not have an end date and cannot expire. Only you can decide to close your account or stop using the service.
No. There are security measures in place to prevent scam artists from being able to access Caisse computer systems. That's why they are attempting to obtain your access code, password, social insurance number, and birth date through phishing rather than through our systems. UNI Web site is secure and your personal information will remain confidential.
Unfortunately, it is likely that you may occasionally receive fraudulent e-mail appearing to have been sent by Desjardins or other financial institutions.

Your best protection is to stay vigilant:

  • Never respond to an e-mail or text message requesting personal information, regardless of who the sender is.
  • Never provide personal information like your debit card number, birthdate or social insurance number, unless you are the one who initiated contact.
  • Never share your password with a Caisse employee, police authority or anyone. Our employees and law officers know that they can't ask for this information.
  • Never click on a link inside an e-mail or text message to log on to AccèsD or any other transactional site requiring an access code or password.
  • Never open e-mail or text message attachments if you don't know the sender.
  • Always access the AccèsD (Online or mobile) or AccèsD Affaires log on page from your browser using the address.
  • Look for a closed padlock in your browser's status bar, ensuring you are in a secured online environment. Also make sure the address displayed has an "s" in "https". You should also be able to view the site's digital certificates by double-clicking on the little closed padlock in your browser's status bar.

Also ensure your personal computer is adequately protected.

Financial information

With your debit card number and pass word, scam artists can access your account and make transactions or even purchases from your account or from your Visa Desjardins credit card to a recipient, who is usually an accomplice.

Personal information

If you provided information about your identity, such as your date of birth, social insurance number or driver's license number, the scam artist could try to steal your identity and use the information to get a credit card, loan or line of credit at another financial institution.

Learn more about Identity theft.
Not at all. Phishing is being practiced increasingly throughout the world and principally at financial institutions.

To ensure we get all the information we need about the fraudulent site, please forward both the e-mail and the site address in the following way:

  1. In the body of the e-mail, place your cursor over the link leading to the fraudulent site.
  2. Click on the right button of your mouse and select "Copy shortcut" (wording may differ).
    Copier le raccourci
  3. From your e-mail software or site, click on "Forward".
  4. In the top part of the message, click the right hand button of your mouse and click on "Paste".
  5. Enter the address and send.

For more information