While this isn’t technically an online scam, it falls squarely under the umbrella of digital security, and it’s a good reminder of how quickly fraudsters adapt to new technology. Recently, some Canadians have reported a tactic known as “ghost tapping” or “tap card swapping.” It’s fast, subtle, and designed to catch people off guard during everyday transactions.

Here’s what you need to know – and how to keep yourself safe.

What Is Ghost Tapping?

Ghost tapping is a type of physical point-of-sale fraud where criminals trick someone into tapping their payment terminal, but the tap isn’t actually going toward the purchase the person is trying to make. Instead, the fraudster manipulates the situation so the victim unknowingly taps a device associated with the scammer, allowing an unauthorized payment.

This can happen in a few ways:

🔹 A fraudster brings their own mobile terminal or contactless reader close enough for someone to tap without realizing it.
🔹 A criminal distracts the victim by placing their own device near a legitimate terminal, making it look like a normal tap interaction.
🔹 Someone posing as a vendor “helps” with the tap by holding a machine, but it isn’t the merchant’s machine at all.

No PIN is entered, and the transaction appears seamless… which is exactly the problem.

Why It Works

Ghost tapping succeeds because tap payments are designed to be quick and convenient. Most of us have developed the habit of tapping without thinking – especially for small purchases.

Fraudsters take advantage of:

🔸 Busy environments (markets, festivals, street vendors, busy stores)
🔸 Split-second distractions
🔸 Assumptions of trust (“They’re behind a table, so they must be the vendor”)
🔸 People tapping without checking the screen first

Like other digital-security threats, ghost tapping works because it blends into our daily routines.

What Ghost Tapping Isn’t

To help clear things up:

🔹 It doesn’t involve someone wirelessly lifting your card number from your wallet, that’s a myth.
🔹 It doesn’t involve hacking your debit card chip.
🔹 It doesn’t bypass normal payment limits.

The scam only works when a fraudster gets you to physically tap their device.

How to Protect Yourself

A few small habits go a long way in preventing this type of fraud.

✔️ Always look at the terminal before tapping
Check the dollar amount, the screen, and whether the terminal is actually a merchant’s device.

✔️ If someone hands you a point-of-sale machine, take it in your own hands
Don’t tap a machine someone is holding up toward you. It should be placed on the counter or firmly in your possession.

✔️ Be cautious in busy or pop-up environments
Farmer’s markets, events, and festivals are great, but they’re also prime targets for distraction scams. Take an extra second to confirm the device.

✔️ Use mobile wallets when possible
Apple Pay, Google Wallet, and Samsung Pay tokenize your card number, adding an extra layer of protection.

✔️ Monitor your account regularly
Check your transactions after outings and enable account alerts through online or mobile banking.

✔️ If something feels rushed or odd, pause
Fraudsters rely on speed. Slowing down makes the scam much harder to pull off.

What To Do If You Think You Were Targeted

If you suspect an unauthorized tap transaction:

1️⃣ Contact StellerVista right away so we can help investigate and protect your account.
2️⃣ Review recent transactions carefully, noting anything unexpected.

We’re here to support you and most fraudulent transactions can be resolved when reported quickly.

Staying Safe Is a Team Effort

Digital and physical fraud techniques continue to evolve, but staying informed is one of the best tools we have. By taking a moment to verify each tap, you reduce the risk of falling victim to ghost tapping and other point-of-sale scams.

If you ever have questions about security, or something just doesn’t feel right, our team at StellerVista is always happy to help.

Over the past few months, we’ve seen a real rise in text-based phishing scams—sometimes called “smishing.” While this type of fraud isn’t new, it is becoming much more common, and unfortunately, much more convincing.

The reason? Scammers are getting better at making their texts look like the kind of messages we may actually expect to receive. A delivery notice with a link to pay a small duty fee. A message claiming to be from ICBC about an outstanding ticket. Even a text that looks like it’s from your cable or phone provider. These are often short, urgent, and believable—which is exactly why they’re effective.

Unlike the old days of poorly written emails, these scam texts are short, polished, and often copy-paste the real language and style of legitimate organizations.

What to Watch For

📱 Unexpected texts about packages, fines, or bills
⚠️ Messages that push urgency (“Pay now to avoid penalties”)
🔗 Links that don’t look quite right—or are shortened to hide where they lead
💸 Requests for payment by e-transfer, credit card, or gift cards

How to Protect Yourself

⏸ Pause before reacting—real organizations won’t demand instant payment by text
🔍 Verify directly—use the official phone number or website to confirm (not the phone number they give by text)
🗑 When in doubt, delete—don’t click links or reply to suspicious texts

Scammers are counting on us to react quickly and not think twice. Taking a short pause could save you money and protect your personal information.

If you receive a suspicious text, report it to your phone provider and to the impersonated organization. And remember—you can always reach out to us at stellervista.com/fraud if you’re unsure.

Be informed. Be cautious. Be safe.

We’ve all had it—a letter, call, or email from someone like ICBC or the municipality when we weren’t really expecting it. It’s usually something that seems to require action—pay a bill, confirm info, click a link. And that moment of hesitation? That’s exactly what scammers are counting on.

While CRA scams have been around for years, a new wave of phishing scams is targeting potential victims by impersonating more localized services—anything from BC Hydro to your local library. Since most people are familiar with how the CRA typically communicates, scammers are shifting tactics and seeing more success with less-familiar names. It’s the same trick, just with a new mask—and unfortunately, it’s working.

The good news? The defense hasn’t changed:

If you didn’t expect the contact, don’t trust the request. If something feels even a little off—don’t click, don’t reply, don’t pay. Instead, look up the agency’s official contact info (phone, email, website, or visit in person) and verify every detail directly with them.

Red Flags to Watch For:

📬 Unsolicited messages about bills, tax refunds, or fines
⚠️ Urgent demands to act now or face penalties
🔗 Links with slightly altered URLs
🛑 Requests for personal info, passwords, or payment by e-transfer/gift cards

Protect Yourself:

⏸ Pause before reacting—real agencies don’t rush you
🔍 Verify directly—use the official website or contact info
🧐 Hover (don’t click!) to preview where a link actually leads

Think it’s a scam?

Report it to the impersonated organization—and to us at StellerVista.com/Fraud.

Be cautious. Be confident. Be safe.

While the latter is not as certain as the former… encountering tax scams (especially this time of year) is becoming increasingly common for many Canadians. While scammers are going to use every trick in the book, most commonly they’ll use phone calls, emails, texts, or social media messages—pretending to be from the CRA–to catch you off-guard. The scams vary, but they almost always involve threats of legal action, urgent requests for personal details, or promises of a big “refund.” Don’t be fooled: the CRA will rarely (if ever) make an unexpected claim of money from you. And if they do, they have formal, calm, approaches that give you ample notice and time.

If you get a suspicious message claiming to be from the CRA, stop and think. Official government communications typically arrive by mail or through your secure My Account online. When in doubt, hang up or ignore the message, then contact the CRA directly at their published phone number to confirm. And watch out for sneaky links! Clicking a link in an unexpected text or email can take you straight to a phishing site.

• 🔎 Verify the sender by looking up the official CRA contact details before responding.
• 🚫 Avoid sharing personal information (like SIN or PIN) if something feels off.
• ⚠️ Ignore intimidation—legitimate CRA agents won’t threaten arrest or demand immediate payment.
• 🔐 Log in through official portals only—never click suspicious links in texts or emails.

Staying safe is about staying informed. Remember: a genuine CRA agent won’t use pressure tactics or ask for sensitive details like your login credentials via text or email. Spot something off? Trust your instincts—delete or disconnect and verify before responding. If you or someone you know has encountered a scam, please let us know right away at StellerVista.com/Fraud

While some of us keep a keen eye peeled for Santa, he’s not the only one coming to town this time of year – so too are the scammers. One of the most common fraud tactics we currently see involves e-transfer scams, where criminals trick people into sending money online. They don’t break-in or steal it, they simply trick someone into handing (sending) over their money.

How do these scams work? Fraudsters may pose as legitimate companies, friends, or even government agencies. They often send convincing messages urging immediate action, like claiming you’ve won a prize, need to pay a bill, or fix a banking issue. These scams target anyone using online banking, so it's important to stay aware and cautious.

Why do they increase during the holidays? The surge in online shopping, holiday promotions, and digital gift-giving creates more opportunities for scams. Scammers exploit the season’s urgency and generosity, knowing people may be more likely to act quickly without verifying details.

Here are some essential tips to keep your finances secure: 

1. Only Send Money to People You Trust: E-transfers should be used only with trusted contacts. If you receive a transfer request from someone unexpected, you should very likely ignore it. No legitimate company or service (or friend) will ask you for money before having made proper communication with you first.

2. Use Strong Security Questions and Answers: When setting up an e-transfer, choose security questions and answers that are not easy to guess. Avoid common answers like birthdays, pet names, or anything that can be found on social media.

3. Be Wary of Phishing Scams: Fraudsters may send emails or text messages requesting money, that appear to be from legitimate financial institutions. Look out for:
   1. Urgent language prompting immediate action.
   2. Spelling mistakes or unfamiliar sender addresses.
   3. Links directing you to unknown websites.

4. Enable Auto-Deposit: Most financial institutions, including StellerVista Credit Union, offer auto-deposit. This feature automatically deposits e-transfers into your account, bypassing the need for security questions and reducing the risk of interception.

5. Monitor Your Account Regularly and Use Alerts: Check your account activity frequently to spot any unauthorized transactions. You can setup MemberDirect Alerts for real-time updates, by text or email, on transactions in you account as they happen.

6. Stay Updated on Fraud Prevention: Keep up with fraud alerts from trusted sources like StellerVista, Interac, and law enforcement agencies. Being aware of the latest scams helps you stay one step ahead. Since you’re still here reading – you’re on the right track.

 Happy holidays everyone – and stay diligent out there!

You there! Stop writing down all those passwords.

We’ve all heard it and we all know it... You must use a strong, unique password for every account, and please don’t write them down anywhere! But between our phones, apps, streaming services, and work logins, the average person now manages well over 50 different accounts. So is this even possible without help? No... it's safe to say it's not.

Enter "password managers"—tools designed to help you securely create, store, and manage your credentials in one place. Understandably, some have hesitation when it comes to using password managers—Are they safe? Hard to use? What if they get hacked? To help you decide if a password manager is right for you, let's break a few myths or misconceptions.

Myth #1: Password Managers are Vulnerable to Hackers.
🛡️ Reality: Password managers use robust encryption, making your data almost impossible to access. Whether built-in (on phones and browsers) or app-based, they add a significant layer of security as long as you follow basic protocols, like using a strong master password and enabling two-factor authentication. This... is far more secure than that piece of paper beside the computer.

Myth #2: Some Company Now Knows All My Passwords 🤔
🛡️ Reality: Password managers don’t “know” your passwords. They use strong encryption to store your data securely, meaning only you can access it. Whether using built-in managers (like those on your phone or browser) or third-party apps like LastPass or 1Password, your information remains private. Even the password manager service itself can’t view your credentials. It’s all about adding a secure layer between you and potential threats, not exposing your data to anyone else.

Myth #3: It’s a Hassle to Set Up.
🛡️ Reality: Modern password managers are intuitive and user-friendly. With browser extensions and mobile apps, autofilling and saving passwords becomes seamless. Once set up, you’ll never need to click “Forgot Password” again. 😉

Final Thoughts 💭
The biggest risk of fraud online is human error—like choosing a weak master password or sharing/exposing your credentials. Password managers both simplify your digital life and make it more secure. They use military-grade encryption 🔒 to store your data, and while there is a bit of initial setup, it’s very user-friendly, and most anyone can do it. We believe that the benefits far outweigh the effort. 

Remember: Unlike that late afternoon coffee... stronger is always better.

Possibly not who you think… unfortunately.

Multi-factor Authentication (MFA), 2-Step Verification (2SV), 2-Factor Authentication (2FA) — these terms might sound technical, but they're crucial for safeguarding your online activities. Essentially, these methods verify your identity beyond just a password. From banking to social media - an ever increasing number of sites have added this extra step. Whether it's a text message code, a biometric scan, or a security key, it is an added layer that helps to keep your account stays secure, even if someone else knows your password. 

At StellerVista, security is a priority, which is why multi-factor authentication is standard across all our online banking services. However, not all platforms make this a mandatory step. Our advice? Don't skip this option, even for your email or online shopping accounts. Integrating 2FA is more than a recommendation—it's essential for protecting your digital identity. As this technology becomes more common, familiarizing yourself with it is a significant step toward avoiding fraud and maintaining your privacy.

Stay vigilant—yes, it's an extra login step, but it's a small inconvenience for a significant increase in protection.

If you’re a savvy buyer (or seller), social media can be a great tool. Shortening the time you need to wait, allowing you to compare prices and options, and to maybe even find that one-of-a-kind item that no store will have. But of course, at the intersection of second-hand and online shopping, your need for diligence is of the utmost importance. There is no intermediary, and the actions you take cannot easily be undone. The following tips should always be kept in mind when shopping any social media avenue:

🕵️‍♂️ Spot the Fakers: Too-good-to-be-true offers are probably just that. Scammers will create fake accounts and list items at a great price to try and get you to engage with them. A scammer’s dream, you starting the conversation with them! You can try to review their profile and compare similar items – but trust your gut here; if it seems off, it probably is.

💸 Overpayment is a Common Scam: This is where an alleged buyer will claim to have sent payment to you, beyond the set amount, and will request that you send some funds back. Reasonably, this should never occur – and if it genuinely has, ensure you have the payment in full before dealing with any refund. However, in most all cases of an overpayment refund request, it’s a scam and you will not receive the funds they are claiming to have sent you.

🚫 Say No to Unusual Payment Methods: Simplicity is your safeguard here. Beware of convoluted payment propositions that’ll likely leave you with nothing but a story. Clear red flags include an offer to pay via gift card, digital currency, or even a classic suggestion that 'the cheque is in the mail'. Keep transactions clear-cut: for in-person exchanges, cash or eTransfers are as good as it gets. For items you'll ship, insist on eTransfers to avoid the pitfalls of phantom payments – and if you’re buying via eTransfer, be 100% certain the person (and their offering) is real. Remember, a face-to-face meetup at the time of exchange isn't just sociable—it's a solid strategy to ensure a secure sale.

🔑 Privacy is Paramount: In buying or selling, any requests for personal information from you are an immediate cue to end the interaction. There is zero need to share any information in today’s age, and you should be able to conduct the transaction in full via the social media messaging apps. Even a request for a phone number is generally unnecessary. As best you can, always keep the communication of these transactions on social. If you are comfortable sharing your phone number – an unneeded step – be sure to keep it at that and nothing more. Your personal information is more valuable that you know.

While the potential for scams is real, so too is the potential to buy and sell items in a highly convenient, modern, and even local way. If you are a diligent person, there can be great value in these new and emerging social media commerce channels – but here more than anywhere, the onus is on the individual to be safe and secure in doing so. If you see something out there, say something – the more we share info about scams, the more equipped we can all be!

Customizable alerts, through StellerVista online banking, let you get real-time banking transaction information delivered to you, as it happens. There is no faster way to stay on top of your finances.

Immediate Notifications: Get alerts for crucial account activities directly to your email or mobile device. Instant information allows you to respond swiftly to any unauthorized access or transactions.

Customizable: Decide what alerts you receive and how you receive them. Personalize your banking experience to suit your lifestyle.

Peace of Mind, Anytime: With around-the-clock monitoring, you can relax knowing that you’re always informed about your account's status, no matter where you are.

Getting started is simple! Just log into your StellerVista online banking and click on "Messages and Alerts" to set up whatever it is you want to keep track of. Need a hand setting it up? Reach out to us by email or phone any time!

👵💚 While everyone is a potential target, we definitely see a trend of focus on seniors. What may seem obvious to one person may be completely foreign to another - so take these quick tips with you and share them with your loved ones. Knowledge is our best defence!

1️⃣ Change passwords regularly: Encourage your parents and loved ones to update their passwords frequently. 🔑

2️⃣ Keep passwords private: Remind them never to share their passwords with anyone. 🤐

3️⃣ Verify suspicious links: If they receive an email or text with a suspicious link, just don't click it. 🚫

While there is a lot to lookout for, these three pieces can go a long way in staying safe online. 💪💙 Be sure to share your knowledge! Together, we can prevent fraud and protect our loved ones.