Security learning centre

If you suspect that your bank account has been hacked, there are several immediate steps you should take to protect your finances:

1. Contact Prospera immediately: Call the Prospera Member Service Centre at 1 888 440 4480 or visit a branch as soon as possible to report the incident. Our reps can advise you on the steps to take and may be able to freeze your account to prevent further damage.

2. Change your passwords: Change the passwords for all of your online accounts, including your online banking account. Use a strong, unique password that includes a mix of upper and lowercase letters, numbers, and special characters.

3. Monitor your account: Keep an eye on your bank account and credit card statements for any unusual transactions. Report any unauthorized transactions to Prospera immediately.

4. Check your credit report: Order a copy of your credit report to make sure there are no unauthorized accounts or loans opened in your name.

5. File a police report: If you suspect that your account has been hacked, file a police report. This can help you to document the incident and provide evidence if you need to dispute any fraudulent transactions.

6. Consider adding extra security measures: Activate two-factor authentication for when you log in or account alerts for unusual transactions.

Remember, it's important to act quickly if you suspect your account has been hacked. By taking immediate action, you can help to limit the damage and prevent further fraudulent activity.

Debit card missing? Contact Prospera immediately.

Report online

1. Log in to online banking.
2. Click “account services.”
3. Click “lost/stolen debit card.”
4. Fill out the required information.

Report by phone
Call the Member Service Centre at 1 888 440 4480 during business hours
(Monday to Friday 8 am – 8 pm, and Saturday 9 am – 5 pm).

For more information, click here.

At Prospera we take many precautions to keep your information safe and secure. Here are some of the ways we protect your information:

1. Strong authentication: We require strong passwords be created and updated regularly along with multi-factor authenticiation to verify your identity. This means you will need to use your password and a one-time code that is texted to your phone to login.

2. Encryption: We use encryption technology to protect your data when it is transmitted over the internet or stored on our servers. Encryption makes it much more difficult for unauthorized individuals to intercept and access the data.

3. Firewalls and antivirus software: We use firewalls and antivirus software to protect our systems from unauthorized access and malware.

4. Regular security assessments: We regularly conduct security assessments to identify vulnerabilities and strengthen their defenses against cyber attacks.

5. Training and awareness: We provide regular training and awareness programs to our staff and members on cybersecurity best practices, such as creating strong passwords, recognizing phishing emails, and avoiding public Wi-Fi networks.

6. Compliance with regulations: We are subject to strict regulatory requirements that mandate the protection of member information.

By implementing these and other security measures, we work hard to protect your information and prevent data breaches and other security incidents.

There are several ways to determine whether a website or email is safe:

1. Look for the padlock symbol: Check for a padlock symbol in the address bar of your web browser. This indicates that the website is using a secure connection and encrypting data sent between your computer and the website.

2. Check the URL: Make sure the URL of the website starts with "https://" instead of "http://". The "s" stands for secure and indicates that the website is using a secure connection.

3. Verify the sender's email address: Check the sender's email address to make sure it is from a legitimate source. Beware of emails that use generic salutations, contain spelling or grammar errors, or come from suspicious or unknown sources.

4. Be cautious of unsolicited emails: Be wary of emails that you did not expect or did not request. Avoid clicking on links or downloading attachments from unsolicited emails.

5. Use anti-virus software: Use anti-virus software to protect your computer from malware and viruses.

6. Check reviews and reputation: Check the reputation of the website or company by reading reviews or searching for information about them online.

7. Trust your instincts: If something seems suspicious or too good to be true, it probably is. Trust your instincts and be cautious of websites or emails that seem suspicious or untrustworthy.

By following these guidelines, you can help to protect yourself from scams and cyber attacks and ensure that you are using safe websites and emails.

Phishing is a type of online scam in which a cybercriminal creates a fake website or sends a fraudulent email in an attempt to trick individuals into revealing sensitive information such as usernames, passwords, and credit card details. The goal of a phishing attack is to steal the victim's personal and financial information for financial gain or other malicious purposes.

Phishing scams often take the form of official-looking emails or websites that appear to be from legitimate sources, such as a bank or an online retailer. The email or website may ask the victim to provide personal information or click on a link that will download malware onto their computer. The email or website may also contain urgent or threatening language to create a sense of urgency and convince the victim to act quickly.

To avoid falling victim to a phishing attack, it's important to be wary of any email or website that asks for sensitive information or contains suspicious links. Always verify the sender's email address or the website's URL before entering any personal information, and make sure your computer and web browser are up-to-date with the latest security patches and anti-malware software.

Smishing is a type of cyber attack that involves the use of text messages (SMS) or multimedia messages (MMS) to trick individuals into disclosing sensitive information or downloading malicious software onto their device. Smishing attacks are similar to phishing attacks, but instead of using email, the attacker uses SMS or MMS messages to deliver the malicious content.

A typical smishing attack involves the victim receiving a text message that appears to be from a legitimate source, such as a bank, a retailer, or a social media platform. The message may contain a link or a phone number that the victim is asked to click on or call to provide personal information such as account numbers, passwords, or credit card details. Alternatively, the message may contain a malicious link that, when clicked, installs malware onto the victim's device.

To protect yourself from smishing attacks, it's important to be cautious of unsolicited text messages or messages that contain suspicious links or requests for personal information. Do not click on links or call phone numbers in messages from unknown sources or that look suspicious, and never provide sensitive information to unsolicited requests. Always verify the sender's identity before taking any action and use anti-malware software on your device to protect against smishing and other types of cyber attacks.

Think of a mobile wallet on your phone like a digital pocket for your money. It's designed to keep your money and personal information safe, just like a real wallet in your pocket.

Password Protection: Just like you need a key to open a real wallet, you need a password, PIN, fingerprint, or face recognition to access your mobile wallet. This keeps unauthorized people from getting in.

Encryption: Your mobile wallet uses a special code to turn your sensitive information into a jumble of letters and numbers. Only your phone knows how to decode it, making it hard for hackers to understand your data.

Secure Storage: Your mobile wallet stores information in a safe part of your phone's memory. It's like a hidden, locked vault that's difficult for outsiders to break into.

Two-Factor Authentication: Some mobile wallets use an extra layer of security. After you put in your password, they might send a code to your phone. This means even if someone knows your password, they can't get in without your phone.

Remote Wipe: If you lose your phone, many mobile wallets let you remotely erase your payment information. This way, even if someone finds your phone, they won't find your financial details.

Regular Updates: Developers behind mobile wallets often release updates to fix any security weaknesses they discover. Keeping your mobile wallet app updated helps to keep it safe from new threats.

Trusted Sources: Only download mobile wallet apps from official app stores like Apple's App Store or the Google Play Store. These stores check apps for security before they're allowed in.

Secure Transactions: When you use your mobile wallet to pay for things, it uses special codes and encryption to make sure your payment information is sent safely to the seller.

Remember, while mobile wallets are generally safe, it's important to be cautious. Don't share your passwords or let anyone else access your phone without your permission. And always keep an eye out for any unusual or suspicious activity on your mobile wallet app.