Online banking is a convenient way of managing your bank accounts, paying your bills, handling transactions, and more. While e-transfers are a common way for people to send and receive money, these digital transactions are also targeted and used by scammers to steal money. E-transfers are favoured by scammers because they’re difficult to recover. Once they’ve been deposited, e-transfers cannot be reversed, even when fraud is involved.
Financial institutions have security measures in place to make e-transfers more secure, but it’s important that you use cyber safe practices to best protect yourself, too. Use e-transfers securely to protect you and your connections from interferences that put your money and sensitive information at risk.
What is e-transfer fraud?
E-transfer fraud involves scammers acting as either the “sender” or “recipient” for a fake e-transfer transaction. Scammers often use phishing to initiate these transactions. They may send a message claiming that you owe a payment for a bill that can be settled using e-transfer. Scammers can even use message templates that look like a legitimate e-transfer request from your bank to try and trick you into sending money or clicking on a malicious link requesting your sensitive information. Their goal is to steal your money and personal information.
Scammers often use social engineering and pretend to be well-known companies, banks, government departments, or individuals to earn your trust. Sometimes, scammers may use information about you that they found online to make them appear legitimate.
Scammers also try to steal money by intercepting e-transfers. An e-transfer is considered “intercepted” when money in a legitimate e-transfer gets deposited into a scammer’s account instead of the intended recipient’s account. For example, if a scammer hacks your email account, they will also have access to your e-transfer notifications and associated links. If you’re using the same passwords for multiple accounts, scammers can use phishing or credential stuffing to gain access to your banking and other accounts, personal information, and e-transfers. With this access, scammers can then use information they’ve found about you, or any notes left in the e-transfer notification, to guess the security answers or pins. This allows them to intercept e-transfers and claim your money for themselves.
Cyber security tips to use e-transfers safely
Follow these tips to help prevent e-transfer fraud from happening to you.
- Beware of emails, phone calls, texts or other messages about unexpected e-transfers
- Verify that you know who the e-transfer sender or requester is and what the transaction is for
- If you are unsure about the sender’s identity, don’t click on any links or follow through on any actions for the e-transfer – simply delete the notification
- Be suspicious of demands for secrecy or pressure to make an e-transfer quickly
- these are common tactics scammers use to trick victims into feeling pressured to act before having time to think
- Create strong and unique security questions and answers for e-transfers
- don’t rely on information that could easily be found or guessed by scammers (birth date, pet name, hometown, etc.)
- don’t include any information on the password in the notes or messages for the e-transfer
- Consider enabling automatic deposits to receive e-transfers without the need for security questions or special links
- Create strong and unique passwords for all your accounts to avoid credential stuffing
- Consider changing your passwords into passphrases
- passphrases are harder for scammers to guess, but easier for you to remember – here’s a tool to help you create memorable passphrases
- Enable multi-factor authentication (MFA) for every account, when available
- MFA adds more protection to your accounts and ensures that only you can access your accounts
- Avoid online banking of any form on unsecured networks, like public Wi-Fi
- use a virtual private network (VPN) to protect your digital actions by securing your connection
- VPNs help protect your online connections whether you are at home or elsewhere
- if you have to make an online transaction while away from home, use your cellular data or set up a VPN before using public Wi-Fi
- Refrain from sharing too much information online
- scammers use information shared online to guess account security answers or craft social engineering attacks
Conclusion
By understanding the key signs of e-transfer fraud and by following cyber safe practices, you can help protect yourself and others from being victims of this scam.
Anyone who suspects they have been the victim of cybercrime or fraud should report it to their local police and to the Canadian Anti-Fraud Centre’s online reporting system or by phone at 1-888-495-8501.