When we talk about fraud, we often think about bogus transactions. But it's just as important to protect your actual merchant account from fraudsters who try to gain unauthorized access. They're sneaky and use various tricks to try and get your login details.
Don't worry, though! This article will help you understand these common scams and give you practical, straightforward tips to keep your account under lock and key.
Common scams fraudsters use to access accounts
Fraudsters are always dreaming up new ways to trick people, but many of their tactics fall into a few common categories. Their goal is usually the same: to get access to your sensitive information (like usernames, passwords, or financial details) for their own gain.
Here are the main types you should know about.
Phishing (Email Scams)
You've probably seen these. Fraudulent emails pretending to be from a reputable company (like a bank, a supplier, or even us!) try to get you to click a link or open an attachment. The link might go to a fake login page that looks real, hoping you'll enter your credentials.
Example: An email that looks like it's from your bank says there's a problem with your account and you need to click a link to update your password immediately.
Vishing (Voice/Phone Scams)
This is phishing, but done over the phone. Fraudsters call you, pretending to be someone official.
Example: Someone calls claiming to be from the Canada Revenue Agency (CRA) or the IRS, saying you owe taxes and must pay immediately to avoid legal action or even arrest. They often use scare tactics.
Smishing (SMS/Text Message Scams)
You guessed it – these are phishing attempts made through text messages.
Example: A text message, seemingly from a local health authority or a delivery company, asks you to click a link to update your information for contact tracing or to reschedule a delivery.
Your defense strategy: best practices for information security
Knowing what to look for is half the battle. The other half is putting good security habits in place for yourself and your team.
Quick checklist: account security essentials
Use strong, unique passwords: Create complex passwords that are different for each of your online accounts (especially important ones like your Helcim account!). A password manager can be a lifesaver here.
Enable Two-Factor Authentication (2FA): Turn on 2FA whenever it's offered. This adds an extra layer of security, meaning even if someone gets your password, they still can't log in without the second piece of the puzzle (like a code from your phone).
Train your team: Make sure anyone on your team who handles payments or has access to sensitive information knows about these scams and security practices.
Be skeptical of unsolicited communications: If you get an unexpected email, call, or text asking for information or urging you to click a link, be suspicious.
Verify directly: If you receive a questionable message from a company, don't use the contact information or links in the message. Instead, go to their official website (by typing it into your browser directly) or use a known phone number to contact them. For financial institutions, use the number on the back of your card.
Protect sensitive data: Avoid writing down credit card numbers or passwords. Ensure any customer receipts don't display full card numbers.
Monitor your accounts: Regularly review your Helcim account activity and your bank/credit card statements for any unauthorized transactions or changes.
Secure your devices: Keep your computer and mobile device software updated, and use reputable security software.
Recognizing suspicious communications
Beyond the general scam spotting tips, here are a few more things to consider when a message seems off.
Check the sender's details carefully: For emails, look closely at the sender's email address. Fraudsters often create addresses that are very similar to legitimate ones but are slightly off (e.g. support@heIcim.com with a capital "i" instead of an "L", or support@helcim-payments.com when the real domain is just helcim.com).
Look for poor design or language: Scam emails and websites often have typos, grammatical errors, or low-quality images and logos.
Trust your instincts: If something feels wrong or too good to be true, it probably is. It's always better to be cautious and take a moment to verify.
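If your team triages reported emails with a script, the sender check described above can be automated. The following is an added example, not Helcim's own code: it classifies a From: header against the real domain helcim.com, and the character map, function names and sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

TRUSTED = "helcim.com"            # real domain named in the article
BRAND = TRUSTED.split(".")[0]     # "helcim"

# Small illustrative set of look-alike characters (an assumption, not exhaustive).
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(name: str) -> str:
    """Collapse look-alike characters so visually similar names compare equal."""
    return name.lower().replace("rn", "m").translate(CONFUSABLE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a From: header value."""
    _, addr = parseaddr(from_header)      # ignores the display name entirely
    if "@" not in addr:
        return "unrelated"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == TRUSTED or domain.endswith("." + TRUSTED):
        return "trusted"
    if skeleton(domain) == skeleton(TRUSTED):
        return "lookalike"                # capital "I" or "1" standing in for "l"
    if skeleton(BRAND) in skeleton(domain):
        return "lookalike"                # brand name inside someone else's domain
    if edit_distance(domain, TRUSTED) <= 1:
        return "lookalike"                # one-character typo
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers, including the two look-alikes from the article.
    for header in ("Helcim Support <support@heIcim.com>",
                   "support@helcim-payments.com",
                   "support@helcim.com"):
        print(f"{header!r}: {classify_sender(header)}")
```

A "trusted" result only describes how the domain is spelled; it does not prove the message actually came from that domain, so the advice to verify through official channels still applies.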
Next steps
Enable Two-Factor Authentication (2FA) on your Helcim account right away if you haven't already.
Review your password practices. Are you using strong, unique passwords? Consider using a password manager to help.
Talk to your team about these security measures and common scams. A well-informed team is a great line of defense!
FAQs
What should I do if I think I clicked on a phishing link or entered my details on a fake site?
Immediately change your password for that account and any other accounts where you use the same password. Monitor the account closely for suspicious activity. If you suspect your Helcim account was compromised, contact us right away.
How can I tell if an email or call claiming to be from Helcim is legitimate?
Helcim will never ask you for your full password via email or unsolicited phone call. If you receive a suspicious communication, don't click links or provide information. Instead, contact us directly through the known phone number or support channels listed on our official website.
Are password managers really secure?
Reputable password managers are designed with strong encryption to protect your stored passwords. They are generally considered much more secure than reusing simple passwords or writing passwords down. Just be sure to use a strong master password for the password manager itself!
An employee accidentally shared some information over the phone. What should we do?
Assess what information was shared. If it included any login credentials, change those passwords immediately. Review the situation to see how it happened and reinforce security training with your team. If you're concerned about your Helcim account, contact us for guidance.