Updated March 15, 2021
In May, there was a story in the news about a RBC customer who sent money using Interac® e-Transfer, not realizing the recipient’s email account had been compromised. The email was intercepted by a fraudster and the money was re-routed to another bank account, much to the surprise and dismay of the sender and receiver.
The electronic transfer is a fast and secure way to send or receive money. However, members have a responsibility when they use Interac® e-Transfer service, especially when it comes to passwords. Credit unions do not have control over the passwords members use or if the member’s computer has been compromised. Depending on the type of fraud, members may be liable for the loss.
Awareness of the different types of fraud and education of how to protect yourself is key. There are many myths when it comes to fraud and below are the top three that are important to understand.
Myth: You will never lose money when using Interac® e-Transfers.
Fact: Interac® e-transfers come with risks.
As the example above proves, there can be risks when sending money by email. The recipient’s email could be compromised, allowing the funds to be redirected by a criminal if the sender’s password is not strong enough.
To protect yourself when sending an Interac® e-Transfer, be sure to:
- Do not reuse the same password.
- Use a unique password that is difficult to guess and cannot be easily identified via social media.
- Do not send the recipient the password to the same email address as the Interac® e-Transfer. Text or call the recipient with the password.
- Set up the Auto deposit feature (if available) and recommend this to people you frequently transfer funds to as this removes the possibility of the funds being intercepted.
- Enable two-factor authentication on your email account.
- Periodically search your email address on sites like https://haveibeenpwned.com/ to ensure it has not been compromised – and if it has, change your password right away.
Myth: If I do not visit suspicious sites, I am safe.
Fact: You may visit a fake site without realizing it thanks to phishing.
You may have heard of email phishing – a misleading and deceptive email that falsely claims to be from a legitimate organization such as a financial institution, business or government agency in an attempt to have the consumer surrender private and personal information – but did you know it is on the rise? One 2019 study from anti-fraud software retruster found that phishing accounts for 90% of data breaches. Phishing works because the criminals have perfected the art of impersonating companies, using their logos and branding, both in the email and on fake sites. It is easy to be fooled!
To avoid falling for a phishing scam, always:
- Be wary of unsolicited emails, especially if the email contains a link and is asking for personal information.
- Watch for small errors in spelling or formatting or strange URLs (hover over the link to confirm it is the right address before clicking).
- Do not click on links or open attachments you were not expecting to receive.
- When in doubt, look up the phone number and call the company (do not use the phone number provided in the email) before you do anything to confirm if the message is real.
Myth: If my password is strong, I can reuse it.
Fact: Use a different password for every site.
Even the strongest passwords – that incorporate special characters and a mix of upper and lowercase letters – can become compromised. For example, if you click on a phishing link (see above) then your account details can be stolen without you realizing it. If you are using the same password for multiple accounts, you can put all of your information is at risk.
To keep your accounts safe:
- Use different passwords for all your accounts (email, online banking, e-commerce, etc.)
- Change passwords frequently
- Use two-factor authentication where possible (so logins require a code sent via email or SMS before you are able to access)
- Use a password manager
It is up to all of us to be aware of the risks and protect ourselves against fraud. Talk to an advisor at your local credit union for more tips and tricks to stay safe and always report suspicious account activity or compromised accounts to your credit union right away.
For more cyber safety tips and tricks, check out the tip sheet from the Canadian Credit Union Association.