Credit unions and partners Members and clients Claims About us

Security at The Co-operators

Co-operators is committed to protecting your personal information, helping you to protect your personal information and helping you to take steps to avoid falling victim to phishing. On this page, we describe how we help protect you, and how you can protect yourself.

  • How we protect your information
  • How you can protect your own information
  • How you can take steps to avoid falling victim to phishing

1.0 How we protect your information

1.1 System and Data integrity

Co-operators uses multiple technologies to help prevent unauthorized access to our systems. Our Internet firewalls are designed to securely separate the Internet from our internal computer systems and databases. We carry out around-the-clock monitoring to maintain the quality of our systems and proactively help identify unusual account activity, protecting your personal information and identity. To help protect the confidentiality of information over the internet, we leverage Transport Layer Security (TLS).

1.2 Authentication of your identity

We will only grant access to your online account with us after your identity has been authenticated. When you successfully sign into our website, a secure connection will be established using Transport Layer Security (TLS), which helps keep your information safe.

1.3 Session timeout

To further protect your information, your online session will end after a period of inactivity. If you want to continue accessing your account(s), you will have to sign in again.

1.4 When you communicate with us

We use secure and safe communication practices when interacting with you. Whether you communicate with us through telephone, email or online, here is what you can expect:

Co-operators will:

  • confirm your identity by asking a set of questions with responses that you previously supplied to us.
  • require additional information or verification before accepting a transaction, to ensure it is really you that is making the request.
  • only ask you to pay an amount you owe through any of Co-operators official payment options.

Co-operators will never:

  • demand immediate payment by Interac e-transfer, bitcoin, prepaid credit cards or gift cards.
  • use aggressive language or threaten you with arrest or sending the police.
  • leave voicemails that are threatening or give personal or financial information.
  • require that you provide personal, financial, or confidential information in email communications, including credit card information. This applies whether you contact us, or we contact you.

Please review our privacy policy for more information on how we collect, use and disclose your personal information.

Co-operators reserves the right to restrict or cancel access to your online account without providing notice. We will do this when we have reason to believe your data may be at risk.

1.5 Contact us

Information on how to contact us can be found here.

For questions regarding how to protect your information, please contact your Co-operators representative. For questions regarding your personal information, please contact our privacy office at privacy@cooperators.ca. Please include the name of the company you engage with in your correspondence.

2.0 How you can protect your own information

We take strong measures to protect the security and privacy of your information. However, there are several things you can do that will help protect your information when you are using the Internet.

2.1 Protect your identity

Identity theft, or the theft of personal information, can be the starting point to a range of crimes. Often a cybercriminal only needs a small amount of information to steal your identity.

Here is what you can do to reduce your chance of being affected by identity theft:

  • Don’t provide your personal information unless you need to.
  • Don't respond to unsolicited requests for personal or account information.
  • Don't include your social insurance number or driver's license number on sensitive documents, unless you understand the purpose and consent to it.
  • Monitor your online financial accounts for any suspicious transactions.
  • Shred any documents that contain your personal information before throwing them away.
  • Always lock your smartphone.
  • Have a strong and unique passphrase for all your accounts and devices.
  • Ensure you are using the latest version of your chosen browser, to ensure that all the applicable security updates have been installed.

2.2 Passphrase best practices

Using strong passphrases helps you to protect your identity. Always keep your passphrase confidential to prevent unauthorized use. Passphrase best practices include:

  • Change your passphrase regularly.
  • Choose unique passphrases that you can remember so that you do not have to write them down, but ones that are difficult for others to guess.
  • Do not use personal or identifying information as your passphrase, for example, date of birth, name, or social insurance number.
  • Use a strong passphrase that has at least eight characters with a combination of uppercase and lowercase letters, numbers, and special characters (for example, 1L@VEsummerTim3!).
  • Do not share your passphrase with anyone.
  • Do not use the same passphrase twice.
  • Do not save passphrases on your computer, on the Internet or on any software.

2.3 Protect your computer and mobile devices

  • Install anti-virus and anti-spyware software. They are designed to seek out viruses and malicious programs running on your computer or other device and remove them. Always use the most up- to-date versions. Be sure to schedule periodic system scans to run automatically.
  • Install a personal firewall. Personal firewalls can be software, hardware, or both, and create a barrier to attacks.
  • Keep all your software up to date, including your operating system. It is helpful to configure your operating system to automatically install new updates as they are issued by the manufacturer. To learn more, visit your manufacturer’s support site.
  • Download and install software or mobile applications only from reputable websites or providers. Avoid installing software from unknown sources.
  • Secure your home wireless network and any connected devices by changing the default administration ID and passphrase (using a strong passphrase!) Change your wireless network name and, most important, enable WPA2 encryption.
  • Use a spam filter, such as the filter offered by your email provider.
  • Never respond to spam emails, as this only confirms that your email address is valid.
  • Be careful about using public Wi-Fi networks where you could potentially expose sensitive information.
  • Be aware of your surroundings when using a computer or mobile device in a public place.
  • Always sign out of an online account when you are done and, if using a computer or other device that is not your own, clear the browser's cache and close the browser window.

3.0 How you can take steps to avoid falling victim to phishing

Fraud comes in many different forms. One of the most common ways fraudsters try to get access to your personal information is through Phishing. Phishing is a type of fraud where fraudsters try to deceive you into revealing sensitive information, often through fake emails, calls, or texts. The fraudsters will typically attempt to trick you into sharing a passphrase or other personal information that they can then use to steal your identity or gain access to your accounts. Phishing attacks are common, and it is important to understand the red flags to protect yourself.

Here are some things to look for to help prevent against phishing attacks:

  1. Do you recognize the sender's company, email address or phone number? Do not respond to companies or people you do not know. If you receive unsolicited emails, texts or phone calls from companies or people you do not know, it’s best not to respond. Even if an email appears to come from a company you have interacted with before, be cautious if the “From” address looks suspicious, it comes from a person you have not emailed before, or the email greeting is generic, like “Hello customer”.

  2. Did you expect the email, call, or text? Does the request seem strange? Unexpected emails, calls, or texts, or out of the ordinary requests can be a sign of a phishing attack.

  3. Are you named in the salutation or subject line? This may not always prove that the email is legitimate, because your name may be in your email address.

  4. Are there any grammar or spelling errors? Unsophisticated phishing communications may contain grammar or spelling errors. However, the absence of grammar or spelling errors does not mean that the communication is legitimate. It may just mean that the attacker has taken more time to craft their message.

  5. Are the writing style, tone, and words different from the usual emails you receive from the same sender?

  6. Are there any suspicious links? Check the link in the email by hovering over it with your mouse pointer; the target address will appear. On an Android or Apple mobile device, check links by holding your finger or stylus on the link text. When the link appears in a bubble shape, then lift your finger or stylus off the link. In either case, before you click, make sure you recognize the link. When in doubt, do not click the link at all. Instead, navigate to the sender's website directly through your browser.

  7. Are there any suspicious attachments? Don't open attachments or links from unknown sources - attachments from people you do not know can contain viruses or malware that can compromise your device and access your personal information.

  8. Is the email, call or text asking you to verify your account, reset your passphrase or provide confidential information by clicking a link or filling out and sending a form? Don't respond to requests like this from unknown senders.

  9. Does the sender include their signature name or contact information? Most legitimate companies will include name, department, or contact information in their signatures.

  10. Don't feel pressured to reply to an urgent request - Generally, the greater the sense of urgency, the greater the chance it’s a scam.

If you suspect phishing activity where a fraudster appears to be impersonating Co-operators, or encounter individuals impersonating representatives of Co-operators, please reach out to Fraud Prevention.

3.1 How to report fraud?

  • Call our Fraud Tip Hotline 1-833-3203210
  • Email details to report_fraud@cooperators.ca
  • Fill out our Fraud Reporting form if you choose to stay anonymous. Review this privacy notice before you fill out the form.

  • If you prefer to not report directly to Co-operators, anonymous tips can be reported as follows:

  • For Home, Auto and Business insurance related matters: Équité Association
  • For Health Benefits related matters: Canadian Life and Health Insurance Association
  • As an Equite member, we are committed to detect and prevent fraud and crime in the Canadian insurance industry.