Receiving Interac e-Transfer

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
User avatar
tightwad
Silver Ring
Silver Ring
Posts: 167
Joined: 07 Feb 2007 15:26
Location: BC

Receiving Interac e-Transfer

Post by tightwad » 17 Aug 2017 18:02

A notification email is sent to the recipient of an Interac e-Transfer. Apparently it's normal procedure then to click on a button or link in such an email to initiate the process. How can one tell whether the email is legitimate and not part of a phishing scam?
Last edited by tightwad on 17 Aug 2017 20:44, edited 1 time in total.

User avatar
kcowan
Diamond Ring
Diamond Ring
Posts: 13011
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Receiving Interac e-Transfer

Post by kcowan » 17 Aug 2017 19:40

I would contact the sender if I was not expecting a payment.
For the fun of it...Keith

twa2w
Gold Ring
Gold Ring
Posts: 1673
Joined: 22 Feb 2005 13:08

Re: Receiving Interac e-Transfer

Post by twa2w » 17 Aug 2017 19:55

Well normally you would be expecting the email money transfer and would have communicated with the sender in order to obtain the email money transfer password from them.

In theory, I suppose, if one was selling an item, a potential buyer could agree to send payment $ by email transfer and set up a phishing program to spoof an email transfer and your bank signin info, to obtain your info. He would have to have phishing links to all banks websites as he would not know what bank you dealt with. Also you could check your bank account through a separate sign in, immediately after accepting the transfer. If legit, the money would be in your account.

Know the sender is the best advice.

User avatar
tightwad
Silver Ring
Silver Ring
Posts: 167
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad » 17 Aug 2017 20:24

kcowan wrote:
17 Aug 2017 19:40
I would contact the sender if I was not expecting a payment.
Yes, good idea if it's someone you know. It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment.

What if the email is from a stranger? Would you take a chance on responding? What if you're someone who accepts donations for your work? For example: Amateur web musicians and freeware authors. It wouldn't be practical for those people to contact each individual.
twa2w wrote:
17 Aug 2017 19:55
He would have to have phishing links to all banks websites as he would not know what bank you dealt with. Also you could check your bank account through a separate sign in, immediately after accepting the transfer. If legit, the money would be in your account.
It's possible for bank links to be spoofed - it's been done before. They wouldn't have have a complete list of institutions, just the major players. Having money deposited to your account is no guarantee it's all good; if it's a scam they already have your login credentials and can come back later to clean out the account.

Maybe I'm being overly paranoid but being caught in this type of scam would have major consequences.

User avatar
kcowan
Diamond Ring
Diamond Ring
Posts: 13011
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Receiving Interac e-Transfer

Post by kcowan » 18 Aug 2017 00:34

I think the donations thing is why most use PayPal.
For the fun of it...Keith

User avatar
tightwad
Silver Ring
Silver Ring
Posts: 167
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad » 18 Aug 2017 12:55

I guess the old adage "Don't take candy from strangers." applies. In this case it's money and not candy. And if you do, don't do it through Interac e-Transfer.

User avatar
IdOp
Gold Ring
Gold Ring
Posts: 2856
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Receiving Interac e-Transfer

Post by IdOp » 18 Aug 2017 14:22

I share tightwad's concerns. Email was never designed for security or authentication. ISTM that a legitimate, expected, e-transfer notification from someone you know could (in principle) be tampered with before you receive it and turned into a phishing attempt. Here is an Interac link about security, but there is no satisfactory answer there.

Perhaps there have not been a lot of problems in reality, but asking you to click on a link in an email is not good practice. Why doesn't the email jusk ask you to log in to online banking as usual, with no links? Once there, you could follow a link on the bank site to check for pending e-transfers. (There could even be a pop-up notice informing you of any.) Then you answer the security question and direct the money to the right account. This might take two extra clicks, so maybe that's why it's not done that way?

User avatar
tightwad
Silver Ring
Silver Ring
Posts: 167
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad » 18 Aug 2017 17:09

Alternatively, the notification email could provide a key that can be copy-pasted into a form on the Interac website. After verification receipt can then continue as it does now.

Just a Guy
Silver Ring
Silver Ring
Posts: 347
Joined: 01 Dec 2014 19:28

Re: Receiving Interac e-Transfer

Post by Just a Guy » 18 Aug 2017 19:25

You could look at the headers of the email and see where the message came from, you could also look at the link before you click on it to see if it goes to interact or not. Like it or not, you can't really fake a link if you know how to look at the code. The internet works pretty transparently if you educate yourself on how it works.

You can fake the link's displayed destination, and even the email displayed address but, in the HTML code which can easily be displayed with the click of a mouse, you can see if it's the same as it should be or if it's faked.

User avatar
IdOp
Gold Ring
Gold Ring
Posts: 2856
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Receiving Interac e-Transfer

Post by IdOp » 19 Aug 2017 00:46

You can do those things, and they do have value, but even an experienced person may not really know exactly what the link is supposed to be. But for a heck of a lot of people doing those things is just beyond their capabilities. And Interac wants those people using the system too, to make more money. It seems like they have gone to 100% convenience to capture the most users, and those last few percent of users who need that convenience are the exact ones most likely to fall for a scam.

User avatar
freedom_2008
Silver Ring
Silver Ring
Posts: 392
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 » 19 Aug 2017 22:05

tightwad wrote:
17 Aug 2017 18:02
A notification email is sent to the recipient of an Interac e-Transfer. Apparently it's normal procedure then to click on a button or link in such an email to initiate the process. How can one tell whether the email is legitimate and not part of a phishing scam?
You can't.

But if you don't receive another email from the sender to let you know the password of the transfer, you definitely don't want to click the link, as no one can deposit e-transfer fund without using the password set by the sender.

Even if the sender did send you the password, but not telling you what the money is for, or if the money is not really for you by sender's description, then the sender might just send to wrong email address, if it is not a scam. You wouldn't want to click the link either.
"Happiness is when what you think, what you say, and what you do are in harmony" -- Mahatma Gandhi

"Life is really simple, but we insist on making it complicated" - from a wise person

User avatar
tightwad
Silver Ring
Silver Ring
Posts: 167
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad » 20 Aug 2017 00:00

freedom_2008 wrote:
19 Aug 2017 22:05
...if you don't receive another email from the sender to let you know the password of the transfer...
Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.

User avatar
freedom_2008
Silver Ring
Silver Ring
Posts: 392
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 » 20 Aug 2017 01:36

tightwad wrote:
20 Aug 2017 00:00
freedom_2008 wrote:
19 Aug 2017 22:05
...if you don't receive another email from the sender to let you know the password of the transfer...
Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.
For legitimate e-transfer, the e-transfer email itself is sent by bank e-transfer service on behalf of the sender, NOT from the sender directly, and it wouldn't contain the password set by the sender. The sender can and should either send an email or call or messaging or meet you in person to tell you the password. Otherwise, why bother the e-transfer in the first place, unless it is a scam or wrong email address.
"Happiness is when what you think, what you say, and what you do are in harmony" -- Mahatma Gandhi

"Life is really simple, but we insist on making it complicated" - from a wise person

pmj
Gold Ring
Gold Ring
Posts: 2411
Joined: 27 Feb 2005 18:15
Location: Ottawa

Re: Receiving Interac e-Transfer

Post by pmj » 20 Aug 2017 09:30

ISTM that we _have_ to use email transfers cos the banks make it just about impossible for a private customer to make a simple transfer to someone with an account at another bank. Even a same-bank transfer at TD requires an off-line process to set up a payee.
Peter

Patrick Hutber: Improvement means deterioration

User avatar
adrian2
Diamond Ring
Diamond Ring
Posts: 11542
Joined: 19 Feb 2005 08:42
Location: Greater Toronto Area

Re: Receiving Interac e-Transfer

Post by adrian2 » 20 Aug 2017 09:47

tightwad wrote:
17 Aug 2017 20:24
kcowan wrote:
17 Aug 2017 19:40
I would contact the sender if I was not expecting a payment.
Yes, good idea if it's someone you know. It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment.

What if the email is from a stranger? Would you take a chance on responding? What if you're someone who accepts donations for your work? For example: Amateur web musicians and freeware authors. It wouldn't be practical for those people to contact each individual.
From the millions of such transfers that have occurred in Canada since they were made available, how many times a hack has happened? Oh, it has never happened so far. By all means, be vigilant, but to go as far as saying it's too dangerous to use it's an overreaction IMHO.
Imagefiniki, the Canadian financial wiki
“It doesn't matter how beautiful your theory is, it doesn't matter how smart you are. If it doesn't agree with experiment, it's wrong.” [Richard P. Feynman, Nobel prize winner]

User avatar
freedom_2008
Silver Ring
Silver Ring
Posts: 392
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 » 20 Aug 2017 09:59

freedom_2008 wrote:
20 Aug 2017 01:36
tightwad wrote:
20 Aug 2017 00:00
freedom_2008 wrote:
19 Aug 2017 22:05
...if you don't receive another email from the sender to let you know the password of the transfer...
Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.
For legitimate e-transfer, the e-transfer email itself is sent by bank e-transfer service on behalf of the sender, NOT from the sender directly, and it wouldn't contain the password set by the sender. The sender can and should either send an email or call or messaging or meet you in person to tell you the password. Otherwise, why bother the e-transfer in the first place, unless it is a scam or wrong email address.
I meant if the recipient doesn't receive the password from the sender (via a separate email or other means), the e-transfer is useless. In this case (no password received), the transfer could be a scam, or wrong email address by mistake when the transfer was set by the sender.
"Happiness is when what you think, what you say, and what you do are in harmony" -- Mahatma Gandhi

"Life is really simple, but we insist on making it complicated" - from a wise person

Jaunty
Gold Ring
Gold Ring
Posts: 1379
Joined: 19 Feb 2007 16:41
Location: Niagara

Re: Receiving Interac e-Transfer

Post by Jaunty » 20 Aug 2017 11:12

... and if you don't provide the right password, you don't get to the choosing bank account and entering passwords stage either (if memory serves me correctly on the order of the steps). So then no problem re: phishing.

User avatar
freedom_2008
Silver Ring
Silver Ring
Posts: 392
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 » 20 Aug 2017 13:41

Jaunty wrote:
20 Aug 2017 11:12
... and if you don't provide the right password, you don't get to the choosing bank account and entering passwords stage either (if memory serves me correctly on the order of the steps). So then no problem re: phishing.
If there is a scam, the phishing link probably :arrow: to somewhere else, rather than the normal e-transfer steps.

In any case, if not giving a password by the sender separately or/and the sender description about the transfer doesn't sound right, I wouldn't click any link, as the money might not be yours to take, phishing or not.
"Happiness is when what you think, what you say, and what you do are in harmony" -- Mahatma Gandhi

"Life is really simple, but we insist on making it complicated" - from a wise person

User avatar
tightwad
Silver Ring
Silver Ring
Posts: 167
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad » 20 Aug 2017 14:44

There would be instances in which a password is not sent, such as in a transfer between the sender and a family member. The question would be such that only someone close would know the answer.

RBull
Newcomer
Newcomer
Posts: 8
Joined: 05 Feb 2013 13:36

Re: Receiving Interac e-Transfer

Post by RBull » 20 Aug 2017 15:00

Why worry about clicking the link?

The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email. The link isn't needed, at least at my institution. You would need to know the security question/answer which would seem to confirm it's someone you know, or money that is expected.

User avatar
freedom_2008
Silver Ring
Silver Ring
Posts: 392
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 » 20 Aug 2017 16:51

tightwad wrote:
20 Aug 2017 14:44
There would be instances in which a password is not sent, such as in a transfer between the sender and a family member. The question would be such that only someone close would know the answer.
Sure. But this is to answer your question of "How can one tell whether the email is legitimate and not part of a phishing scam?". Plus you also said earlier: "It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment."

So if you want to be 100% sure, it is probably a good idea to wait for the password and description, or to confirm with the sender about the transfer if the sender is your family member but didn't inform you about it before or after.
"Happiness is when what you think, what you say, and what you do are in harmony" -- Mahatma Gandhi

"Life is really simple, but we insist on making it complicated" - from a wise person

User avatar
tightwad
Silver Ring
Silver Ring
Posts: 167
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad » 20 Aug 2017 20:34

RBull wrote:
20 Aug 2017 15:00
The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email.
No worries then, if one has this option.

RBull
Newcomer
Newcomer
Posts: 8
Joined: 05 Feb 2013 13:36

Re: Receiving Interac e-Transfer

Post by RBull » 25 Aug 2017 08:24

tightwad wrote:
20 Aug 2017 20:34
RBull wrote:
20 Aug 2017 15:00
The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email.
No worries then, if one has this option.
The email is simply a notification and a potential convenience (or danger if phishing) to link to your institution, and has no value regarding validating or accessing the actual transfer. Therefore no need to use it, and every reason to avoid it especially if you don't recognize the sender or aren't expecting funds, before first verifying with them.

Simply ignore the link for an etransfer, go directly to your banks portal and access your accounts and messages in the normal way. There is no concern this way. :thumbsup:

User avatar
IdOp
Gold Ring
Gold Ring
Posts: 2856
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Receiving Interac e-Transfer

Post by IdOp » 25 Aug 2017 11:55

RBull wrote:
25 Aug 2017 08:24
Simply ignore the link for an etransfer, go directly to your banks portal and access your accounts and messages in the normal way. There is no concern this way. :thumbsup:
Indeed, I went into TD EasyWeb and looked under Transfers. The links to receive e-transfers are all there (although I'm not registered to use them). That is all good. What threw me off earlier in the thread was looking at the Interac e-transfer FAQ on how to receive. It does not mention this way to circumvent the e-mail link. (Perhaps it would be obvious if one had done it once, but I haven't.)

RBull
Newcomer
Newcomer
Posts: 8
Joined: 05 Feb 2013 13:36

Re: Receiving Interac e-Transfer

Post by RBull » 25 Aug 2017 16:34

IdOp wrote:
25 Aug 2017 11:55
RBull wrote:
25 Aug 2017 08:24
Simply ignore the link for an etransfer, go directly to your banks portal and access your accounts and messages in the normal way. There is no concern this way. :thumbsup:
Indeed, I went into TD EasyWeb and looked under Transfers. The links to receive e-transfers are all there (although I'm not registered to use them). That is all good. What threw me off earlier in the thread was looking at the Interac e-transfer FAQ on how to receive. It does not mention this way to circumvent the e-mail link. (Perhaps it would be obvious if one had done it once, but I haven't.)

Excellent! An easy way to see if it's for real! :thumbsup:

Post Reply