Personal Finance

New stats on e-transfer fraud

  • Last Updated:
  • Feb 5th, 2021 11:14 am
Deal Fanatic
Jan 21, 2018
9652 posts
10924 upvotes
Vancouver

New stats on e-transfer fraud

"... last year fraudsters made off with nearly 1,800 e-transfers totalling almost $3 million in reported losses — up more than $400,000 from 2019."
https://www.cbc.ca/news/gopublic/etrans ... -1.5889910

The article talks about the frustration of victims that the banks won't trace stolen e-transfers, and just blame insecure email. They continue to say on their web sites that e-transfers are completely secure, and suggest that customers use a strong security question/answer that they send to the intended recipient by other means.

Unfortunately the article does not mention that things are different if recipients have set up auto-deposit, as pointed out here previously on RFD: interac-auto-deposit-feature-warning-2435938/

If the recipient has auto-deposit enabled (which some banks tell you and others don't at time of sending), they do not need a security question/answer, and the money will be auto-deposited to their bank account immediately when you send an e-transfer to their email address. So even if somebody else is intercepting their email, they will be too late to intercept the e-transfer.
18 replies
Deal Addict
Jan 1, 2017
1826 posts
1876 upvotes
Scote64 wrote: "... last year fraudsters made off with nearly 1,800 e-transfers totalling almost $3 million in reported losses — up more than $400,000 from 2019."
https://www.cbc.ca/news/gopublic/etrans ... -1.5889910

The article talks about the frustration of victims that the banks won't trace stolen e-transfers, and just blame insecure email. They continue to say on their web sites that e-transfers are completely secure, and suggest that customers use a strong security question/answer that they send to the intended recipient by other means.

Unfortunately the article does not mention that things are different if recipients have set up auto-deposit, as pointed out here previously on RFD: interac-auto-deposit-feature-warning-2435938/

If the recipient has auto-deposit enabled (which some banks tell you and others don't at time of sending), they do not need a security question/answer, and the money will be auto-deposited to their bank account immediately when you send an e-transfer to their email address. So even if somebody else is intercepting their email, they will be too late to intercept the e-transfer.
1,800 occurrences only? That’s very low given that there are 120+ MILLION eTransfer transactions annually.
Deal Fanatic
Jan 21, 2018
9652 posts
10924 upvotes
Vancouver
ProductGuy wrote: 1,800 occurrences only? That’s very low given that there are 120+ MILLION eTransfer transactions annually.
I thought that as well - but these were only cases that were reported to the RCMP and being investigated by them.
Member
Dec 1, 2017
471 posts
493 upvotes
Scote64 wrote: I thought that as well - but these were only cases that were reported to the RCMP and being investigated by them.
Even if it's 10x that it's still pretty low.

If you're a receiver, turn on auto deposit. If you're a sender, make sure you trust the person you're sending to. I think there might be some merit in the TFA idea but if you're leaving your money in limbo for 3 weeks then you take your chances.

Too many times I read articles about people doing dumb s*** and trying to blame the bank for their mistake.

"I sent $5000 to a Nigerian prince and they didn't send me the $100 million they promised. I want want Scotiabank to reimburse me."
Deal Fanatic
Jan 21, 2018
9652 posts
10924 upvotes
Vancouver
Booyayyc wrote: Too many times I read articles about people doing dumb s*** and trying to blame the bank for their mistake.

"I sent $5000 to a Nigerian prince and they didn't send me the $100 million they promised. I want want Scotiabank to reimburse me."
To be fair, I think most of these people are saying that the bank knows exactly what account the stolen money was deposited to, and they want that information to be provided to them directly or to the police to aid in a criminal investigation. The banks are claiming no responsibility to provide that information. That's like a pawn shop receiving stolen goods and then telling the owners and the police "yes, we keep records for our own purposes of who pawned that stuff, but we aren't telling you."
Sr. Member
User avatar
May 18, 2019
933 posts
513 upvotes
Scote64 wrote: To be fair, I think most of these people are saying that the bank knows exactly what account the stolen money was deposited to, and they want that information to be provided to them directly or to the police to aid in a criminal investigation. The banks are claiming no responsibility to provide that information. That's like a pawn shop receiving stolen goods and then telling the owners and the police "yes, we keep records for our own purposes of who pawned that stuff, but we aren't telling you."
BMO saved me from a Kijiji house rental fraud by blocking my e-transfer. They knew that the e-mail that I was sending the money to had been used for fraudulent activities. If they can do that I am pretty sure all banks can block e-transfers to fraudulent e-mails or bank accounts.
Deal Addict
User avatar
Jul 16, 2019
1577 posts
2008 upvotes
Scote64 wrote: To be fair, I think most of these people are saying that the bank knows exactly what account the stolen money was deposited to, and they want that information to be provided to them directly or to the police to aid in a criminal investigation. The banks are claiming no responsibility to provide that information. That's like a pawn shop receiving stolen goods and then telling the owners and the police "yes, we keep records for our own purposes of who pawned that stuff, but we aren't telling you."
Isn't this what warrants are for?
Deal Fanatic
Jan 21, 2018
9652 posts
10924 upvotes
Vancouver
someweirdo wrote: Isn't this what warrants are for?
Exactly the problem. First you would have to convince your busy overworked local police that a serious crime has taken place in their jurisdiction. To which you will likely get the response that this is some kind of internet thing that they don't really deal with, and besides, do you have any proof that the "crime" took place in their jurisdiction, since you don't know where the thief is, and Interac is an organization based somewhere else.
Deal Guru
User avatar
Mar 12, 2005
11677 posts
3489 upvotes
Victoria
I think the article buries the lead.

It's generally not the bank that's the weak-point, it's the person's email account. People are getting into their email accounts, of which the transfer was legitimately sent, but then clicking the link and depositing the funds to their own account. I guess the same kind of people that don't use a unique hard to guess password for their email, are also the kind to use easy to guess e-transfer security questions?

It would be nice if the banks could increase security. On the flip side anything they did would make e-transfers harder to use. It does seem a little overkill that the bank gets all the blame, when it seems like it's mostly on the client end, with compromised email accounts and easy to guess security answers?
Member
User avatar
Feb 1, 2019
323 posts
133 upvotes
Alberta
zod wrote: I think the article buries the lead.

It's generally not the bank that's the weak-point, it's the person's email account. People are getting into their email accounts, of which the transfer was legitimately sent, but then clicking the link and depositing the funds to their own account. I guess the same kind of people that don't use a unique hard to guess password for their email, are also the kind to use easy to guess e-transfer security questions?

It would be nice if the banks could increase security. On the flip side anything they did would make e-transfers harder to use. It does seem a little overkill that the bank gets all the blame, when it seems like it's mostly on the client end, with compromised email accounts and easy to guess security answers?

I am curious how "People or Strangers have access to email account?" Guess email security question - Q&A is for sender & receiver knowledge, how does 3rd party find out? I was told to use separate email acct + web browser for banking/online purchase using wired ethernet vs Wifi and 2nd acct+browser for non-money related. With Apple/Samsung Pay on cellphone while using Hot Spot Free Wifi, an opportunity for thieves to steal personal info. Depends on employees experience/knowledge in Cyber Security to recognize suspicious/fraud activity - BMO trying to recover money from Bahamas.

I will have to agreed that our Financial Institutions /Shareholders are to BLAME...it all started Top 5 banks decided to cut costs by closing Canadian call centres to avoid paying high salary wages/benefits move them to India/Phillipines - contract jobs for locals w/no experience & low wages. While our wages are governed by provincial/federal regislation it's completely opposite in other countries like India & other Asian countries < willingness to work extra hours no OT paid / below min pay / ZERO benefits (Canada besides employee health- acct fees waived- higher interest on investments- discounts w/other retailer) / these contract workers has nothing.

I recommend you watch *Trafficked Money Scams w/Mariana Van Zellar* these Scammers/Thieves/Hackers etc worked @ Call Centres stole client list personal info for Phishing / fraud activities. I can verify this as there was a feature from CBC Go Public and former bank employee.

Last few times I called Telus Support, the rep told me she lives in Mexico. Who to blame for compromising our personal info as Share-holders wallets fattens?!?
Deal Guru
User avatar
Mar 12, 2005
11677 posts
3489 upvotes
Victoria
FrostyBytes wrote: I am curious how "People or Strangers have access to email account?" Guess email security question - Q&A is for sender & receiver knowledge, how does 3rd party find out? I was told to use separate email acct + web browser for banking/online purchase using wired ethernet vs Wifi and 2nd acct+browser for non-money related. With Apple/Samsung Pay on cellphone while using Hot Spot Free Wifi, an opportunity for thieves to steal personal info. Depends on employees experience/knowledge in Cyber Security to recognize suspicious/fraud activity - BMO trying to recover money from Bahamas.
Not everyone runs their stuff securely. To my knowledge the most common way that people's email accounts get hacked is that they use the same password for other websites. Once the other site gets compromised, people who access the passwords start trying to see if the email/password combo's work on other websites. It's the same with security questions. A fair amount of people have sent me e-transfers with a question about a favourite band, tv show, or movie. Stuff you could probably figure out with a google search (or snooping my facebook profile).

The article this thread references directly refers to people's email accounts being compromised. IE the only way to click the link in an e-transfer is to get the email. So it's people getting into people's email, looking for e-transfer e-mail's, and clicking the deposit button and directing it to their own account.
Deal Expert
Aug 22, 2011
41802 posts
30056 upvotes
Center of Universe
zod wrote: Not everyone runs their stuff securely. To my knowledge the most common way that people's email accounts get hacked is that they use the same password for other websites. Once the other site gets compromised, people who access the passwords start trying to see if the email/password combo's work on other websites. It's the same with security questions. A fair amount of people have sent me e-transfers with a question about a favourite band, tv show, or movie. Stuff you could probably figure out with a google search (or snooping my facebook profile).

The article this thread references directly refers to people's email accounts being compromised. IE the only way to click the link in an e-transfer is to get the email. So it's people getting into people's email, looking for e-transfer e-mail's, and clicking the deposit button and directing it to their own account.
The sender must also be using very generic passwords for the theives to be able to guess.
Deal Expert
User avatar
Jun 3, 2005
28753 posts
1370 upvotes
PunkeyDoodles Corner…
Is it so lucrative to be spending this much time blindly test email addresses to see if there's a coincidental pending emt for one to then steal?

There's no way people are doing that? Is that really the method?

Didn't read article.

Does it talk about fraudulently SENT emts that then get reversed after the seller has mailed the goods?

Or does it talk about phishing emt notice emails, where you click it, log in & boom you gave your login to a thirf. They then log into your real bank & clean you out.

Those have always been the only real risks I've known to be associated with emt risks.
PayTM$154, dead. SDM: $5342 Rakuten: $181.98
100% Established: BST; Heat; FB market; Kijiji *BST: FS Mens Shoes & Boots: Viberg, Allend Edmonds, Red Wings, misc,*
*Various Szs Vintage: Florsheim Imperial
Deal Expert
Aug 26, 2002
15719 posts
7445 upvotes
Toronto, ON
bubble.tea wrote: Does it talk about fraudulently SENT emts that then get reversed after the seller has mailed the goods?
You bring up a point that I've always wondered. Is there a way to cancel or reverse a sent EMT (for example, if the receiver of the money doesn't hold up their end of the deal)?

Last spring before all the pandemic closures hit, I paid for my kids' softball fees by EMT to the organizer of the league. Since everything was cancelled last summer, I've been chasing her for a refund and I've gotten no response by phone or email. So I'm wondering if there's any recourse for me to get my funds back?
Deal Expert
User avatar
Jun 3, 2005
28753 posts
1370 upvotes
PunkeyDoodles Corner…
If the receiver hasn't activated auto-deposit, you can cancel a pending emt yes.
PayTM$154, dead. SDM: $5342 Rakuten: $181.98
100% Established: BST; Heat; FB market; Kijiji *BST: FS Mens Shoes & Boots: Viberg, Allend Edmonds, Red Wings, misc,*
*Various Szs Vintage: Florsheim Imperial
Deal Expert
Aug 26, 2002
15719 posts
7445 upvotes
Toronto, ON
bubble.tea wrote: If the receiver hasn't activated auto-deposit, you can cancel a pending emt yes.
It wasn't an auto-deposit but the status does say it was deposited so I guess there's no way to get the money back through the bank.
Deal Expert
User avatar
Jun 3, 2005
28753 posts
1370 upvotes
PunkeyDoodles Corner…
That's the beauty of emts. Buyers can't scam you and reverse it after you've shipped / handed over your stuff. For a seller, it is beautiful. You get your money and *zero risk* of having it reversed.

That was a huge red flag with paypal chargebacks.
PayTM$154, dead. SDM: $5342 Rakuten: $181.98
100% Established: BST; Heat; FB market; Kijiji *BST: FS Mens Shoes & Boots: Viberg, Allend Edmonds, Red Wings, misc,*
*Various Szs Vintage: Florsheim Imperial
Deal Fanatic
Jan 21, 2018
9652 posts
10924 upvotes
Vancouver
Another data point from sending an Interac e-transfer from my own account at CBC to my own account at EQ Bank:

- CIBC offers to cancel the e-transfer after it has been sent, for a fee.

- EQ Bank says "Error, try again later" on the attempted deposit (and on repeated attempts for the next 2 days, after calling Customer Service to report the problem).

- Attempt to deposit the e-transfer elsewhere returns the message "Error, this e-transfer has already been accepted by EQ Bank".
Deal Addict
Nov 8, 2017
1556 posts
894 upvotes
Sending an transfer is like giving cash in hand. Once they got it, you're out of luck

Top

Thread Information

There is currently 1 user viewing this thread. (0 members and 1 guest)