Last updated on

Fraud

Your security is our top priority

At Questbank, we use industry-leading technology and 24/7 monitoring to keep your money and identity safe. Learn how we protect you and the simple steps you can take to stay secure.

The digital world has many online security threats, fraud, and scams1. Learning about them and taking simple steps will help you protect yourself.

Your security and fraud protection

You are not liable for unauthorized transactions made with your card—whether in-store, online, or via mobile—provided you have taken reasonable care to safeguard your account information as outlined in your account agreement.

Questbank is committed to safeguarding you against fraud by using advanced security technologies, robust security measures, training our staff, and providing you with essential security tips and resources.

Proactive steps to protect your accounts

Protecting your financial well-being is a partnership; adopting these habits is your first and best line of defense.

Your digital defense

  • Enable multi-factor authentication (MFA): We strongly recommend turning on MFA. This adds a second layer of defense to your account, ensuring that even if someone steals your password, they can’t get in.
  • Safeguard your credentials: Never share your PIN, online banking password, one-time passcodes (OTP), card expiry or CVV2 (the 3-digit code on the back of the card) with anyone, including family members, friends, or anyone claiming to be from Questbank or the police.
  • Secure your mobile device: If you use a digital wallet (e.g., Apple Pay, Google Pay), your device acts as your card. Secure it with a unique passcode or biometric.
  • Automate your updates: Set your phone and computer to update software automatically. These updates contain critical security patches that block the latest cyber threats.
  • Monitor in real-time: Check your transaction history regularly.

Your personal vigilance

  • Be skeptical of urgency: Fraudsters try to panic you. Remember: Questbank will never call, text, or email you asking for your password, PIN, or MFA one-time codes.
  • Protect your paper trail: Shred any documents containing your name, address, or Social Insurance Number (SIN). Never leave sensitive mail in unsecured areas.
  • Verify before you click: Be wary of links or attachments in emails from unrecognized senders. If you aren’t 100% sure, don’t click.
  • Shop securely: Only enter credit card details on trusted, secure websites. Avoid banking or shopping on public Wi-Fi.
  • Privacy on social media: Adjust your privacy settings and be mindful of what you share on social media. Avoid posting details that could be used to verify your identity, such as your full birthdate, mother’s maiden name, or home address.
  • Review and report immediately: Make it a habit to check your bank and credit card statements at least once a month. If you notice a transaction you don’t recognize, contact us immediately.

For more security tips and how to protect yourself from different fraud threats, click here.

Common fraud types: What to watch for and tips to protect yourself

Credit card and digital payment fraud

The scam: Fraudsters use stolen card data for unauthorized online shopping or create copies of your digital identity.

How to protect yourself: If you have any suspicion that you may be a victim, act fast by opening the Questbank Mobile app. Tap the Card Management icon and select “Lock Card” to secure your account instantly.

Security tip: Keep your CVV2 (the 3-digit code on the back of the card) and expiry date private—never share them on websites you don’t trust.

Mortgage and title fraud

Title fraud scams: Fraudsters use stolen IDs to “sell” a home they don’t own or take out a new mortgage.

Tip: We strongly recommend Title Insurance for all homeowners to provide legal and financial protection.

Mortgage closing scams: Fraudsters may hack a lawyer’s or agent’s email to send “last-minute” changes to your wire transfer instructions.

Tip: Never wire money based on an email alone. Always call your lawyer at a known, trusted number to verbally confirm the account details before sending funds.

Investment and savings scams

The scam: “Guaranteed” high-return offers or “urgent” issues with your high-interest savings account designed to make you move money to an external “safe” account.

How to protect yourself: Questbank will never ask you to move money to another institution for “safekeeping.” Verify all investment offers through our official website portal.

Digital scams: Phishing and beyond

The scam: Fake emails (phishing), texts (smishing), or calls (vishing) that look like they are from Questbank, often claiming your account is “locked” or “under review”.

Phishing scams often ask you to:

  • Log into your account to claim an offer or dispute a transaction.
  • Fill out a survey that includes key personal information.
  • Download, install, or run software that contains an information-harvesting virus.
  • Open an attachment that will install software malware to “spy” on your system.

How to protect yourself: Do not click links.

Tip: Never download attachments from emails you weren’t expecting—even if they look like a “bank statement.” Always look at the sender’s email address. If it isn’t from @questbank.com, it’s a scam.

For more information on how to report phishing, please click here.

Grandparent scams (emergency scams)

The scam: Fraudsters contact you posing as a family member (often a grandchild) or a person in authority (like a lawyer or police officer) claiming the family member is in trouble. They create a sense of intense urgency, claiming funds are needed immediately for bail, medical bills, or legal fees.

How to protect yourself:

  • Verify the identity: If you receive a call like this, hang up and call the family member back on a known, trusted number to verify the story.
  • Be skeptical of urgency: Fraudsters try to panic you into acting without thinking. Remember that legitimate authorities or family members will not demand immediate payment via wire transfer or cryptocurrency.
  • Keep it private: Be mindful of what you share on social media, as scammers use personal details like family names and travel plans to make their stories more convincing.

Romance scams

The scam: Scammers create fake online profiles to build a trusting relationship over time. Once they have gained your trust, they will ask for money for an “emergency,” a “business opportunity,” or travel expenses to finally meet in person.

How to protect yourself:

  • Never send money: Questbank will never ask you to move money to an external account or institution for “safekeeping” or to help someone you have only met online.
  • Spot the red flags: Be wary if the person always has an excuse for why they cannot meet in person or join a video call.
  • Report suspicious activity: If a transaction feels wrong, contact Questbank immediately at 1-888-403-8440 to investigate.

How to report fraud

At Questbank, protecting your security is a top priority. If you suspect your confidential data, personal information, or account information has been stolen or obtained fraudulently by a third party, or if you have encountered suspicious activity, please use the appropriate reporting channels below immediately.

Please note: The reportfraud@questbank.com address is an automated mailbox. You will not receive a personal reply from this address. If you require a response or immediate assistance regarding your account, please call us directly.

If you suspect you are a victim of identity theft, you should:

  • Contact your local police and get a copy of the police report.
  • Contact your financial institutions and change any compromised passwords.
  • Contact both credit bureaus: Equifax Canada and TransUnion Canada.

If you are reporting a lost or stolen card:

  • Open the Questbank Mobile App, tap the Card Management icon, and select “Replace Card”. Just follow the prompts!
  • Or contact Questbank immediately at 1-888-403-8440.

If you have been a victim of a scam, fraud, or identity theft, or if you have inadvertently shared personal or financial information, you should also report the incident to the Canadian Anti-Fraud Centre (CAFC). The CAFC is the central agency in Canada that gathers intelligence on fraud and assists law enforcement in identifying trends and disrupting criminal networks.

How to report to the CAFC:

What to have ready: When filing a report, be prepared to provide details of the communication (emails, phone numbers, or websites used by the fraudster), the dates of the occurrence, and any loss of funds or personal information.

Note: Reporting to the CAFC does not replace reporting to Questbank. Please ensure you contact Questbank immediately to secure your accounts first.

In addition, the Government of Canada has a helpful guide on who can ask for your Social Insurance Number (SIN) and who can’t. It provides directions on what to do if you think someone is fraudulently using your Social Insurance Number. Please note Questbank will never ask for a SIN over an unsecured channel (email or text).

Reporting suspicious emails and text messages (phishing)

Phishing is an attempt to trick you into revealing sensitive information by impersonating a trustworthy entity. If you receive a suspicious email and/or text message claiming to be from Questbank:

  • Forward the email to phishing@questbank.com.
  • Do not click any links or open any attachments.
  • Delete the email from your inbox immediately after forwarding.

Please note: The phishing@questbank.com address is an automated mailbox monitored specifically for the analysis of security threats and website fraud. You will not receive a personal reply from this address. If you require a response or immediate assistance regarding your account, please call us directly.

Reporting fraudulent websites

To report a fake website designed to look like a Questbank property, please send an email to phishing@questbank.com with the subject line “Fake Questbank Website” and copy and paste the full URL (web address) into the body of your email.

1 For the purposes of this guide, a "scam" refers to any fraudulent solicitation where a client is induced to disclose sensitive data or authorize a transaction under false pretenses. Please note that transactions you personally authorize, even if based on a scam, may have different recovery protections than unauthorized account takeovers.