We all use Interac® e-Transfer, to send money to family and friends, pay for items we bought online, and sometimes to pay bills for things like childcare and rent.
But what if the recipient’s email account has been compromised? This has happened before, and in some cases has made headlines: an e-Transfer email is intercepted by a fraudster and the money is re-routed to another bank account, meaning the sender is now out hundreds (or thousands) of dollars.
But if you’re a user of Interac® e-Transfer, what can you do to protect yourself?
The electronic transfer may be a fast and secure way to send or receive money, but you have a responsibility when using the Interac® e-Transfer service, especially when it comes to passwords. Credit unions do not have control over the passwords members use or if the member’s computer has been compromised. Depending on the type of fraud, members may be liable for the loss.
Awareness of the different types of fraud and education of how to protect yourself is key. There are many myths when it comes to fraud – below are the top three that are important to understand.
Myth: You will never lose money when using Interac® e-Transfers.
Fact: Interac® e-transfers come with risks.
There can be risks when sending money by email. The recipient’s email could be compromised, allowing the funds to be redirected by a criminal if the sender’s password is not strong enough.
To protect yourself when sending an Interac® e-Transfer, be sure to:
- Not reuse the same password.
- Use a unique password that is difficult to guess and cannot be easily identified via social media.
- Not send the recipient the password to the same email address as the Interac® e-Transfer. Text or call the recipient with the password.
- Set-up the Auto deposit feature (if available) and recommend this to people you frequently transfer funds to as this removes the possibility of the funds being intercepted.
- Enable two-factor authentication on your email account.
- Periodically search your email address on sites like https://haveibeenpwned.com/ to ensure it has not been compromised – and if it has, change your password right away.
Myth: If I do not visit suspicious sites, I am safe.
Fact: You may visit a fake site without realizing it thanks to phishing.
You may have heard of email phishing: a misleading and deceptive email that falsely claims to be from a legitimate organization such as a financial institution, business or government agency in an attempt to have the consumer surrender private and personal information. And this problem it is only getting worse. Phishing works because the criminals have perfected the art of impersonating companies, using their logos and branding, both in the email and on fake sites. It is easy to be fooled!
To avoid falling for a phishing scam, always:
- Be wary of unsolicited emails, especially if the email contains a link and is asking for personal information.
- Watch for small errors in spelling or formatting or strange URLs (hover over the link to confirm it is the right address before clicking).
- Do not click on links or open attachments you were not expecting to receive.
- When in doubt, look up the phone number and call the company (do not use the phone number provided in the email) before you do anything to confirm if the message is real.
Myth: If my password is strong, I can reuse it.
Fact: Use a different password for every site.
Even the strongest passwords – that incorporate special characters and a mix of upper and lowercase letters – can become compromised. For example, if you click on a phishing link (see above) then your account details can be stolen without you realizing it. If you are using the same password for multiple accounts, you can put all of your information is at risk.
To keep your accounts safe:
- Use different passwords for all your accounts (email, online banking, e-commerce, etc.)
- Change passwords frequently
- Use two-factor authentication where possible (so logins require a code sent via email or SMS before you are able to access)
- Use a password manager
It is up to all of us to be aware of the risks and protect ourselves against fraud. Talk to an advisor at your local credit union for more tips and tricks to stay safe and always report suspicious account activity or compromised accounts to your credit union right away.