Receiving Interac e-Transfer
Receiving Interac e-Transfer
A notification email is sent to the recipient of an Interac e-Transfer. Apparently it's normal procedure then to click on a button or link in such an email to initiate the process. How can one tell whether the email is legitimate and not part of a phishing scam?
Last edited by tightwad on 17 Aug 2017 20:44, edited 1 time in total.
Re: Receiving Interac e-Transfer
I would contact the sender if I was not expecting a payment.
For the fun of it...Keith
Re: Receiving Interac e-Transfer
Well normally you would be expecting the email money transfer and would have communicated with the sender in order to obtain the email money transfer password from them.
In theory, I suppose, if one was selling an item, a potential buyer could agree to send payment $ by email transfer and set up a phishing program to spoof an email transfer and your bank signin info, to obtain your info. He would have to have phishing links to all banks websites as he would not know what bank you dealt with. Also you could check your bank account through a separate sign in, immediately after accepting the transfer. If legit, the money would be in your account.
Know the sender is the best advice.
In theory, I suppose, if one was selling an item, a potential buyer could agree to send payment $ by email transfer and set up a phishing program to spoof an email transfer and your bank signin info, to obtain your info. He would have to have phishing links to all banks websites as he would not know what bank you dealt with. Also you could check your bank account through a separate sign in, immediately after accepting the transfer. If legit, the money would be in your account.
Know the sender is the best advice.
Re: Receiving Interac e-Transfer
Yes, good idea if it's someone you know. It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment.
What if the email is from a stranger? Would you take a chance on responding? What if you're someone who accepts donations for your work? For example: Amateur web musicians and freeware authors. It wouldn't be practical for those people to contact each individual.
It's possible for bank links to be spoofed - it's been done before. They wouldn't have have a complete list of institutions, just the major players. Having money deposited to your account is no guarantee it's all good; if it's a scam they already have your login credentials and can come back later to clean out the account.
Maybe I'm being overly paranoid but being caught in this type of scam would have major consequences.
Re: Receiving Interac e-Transfer
I think the donations thing is why most use PayPal.
For the fun of it...Keith
Re: Receiving Interac e-Transfer
I guess the old adage "Don't take candy from strangers." applies. In this case it's money and not candy. And if you do, don't do it through Interac e-Transfer.
- IdOp
- Veteran Contributor
- Posts: 3873
- Joined: 16 Feb 2006 11:27
- Location: On the Pacific sea bed, 100 mi off the CA coast.
- Contact:
Re: Receiving Interac e-Transfer
I share tightwad's concerns. Email was never designed for security or authentication. ISTM that a legitimate, expected, e-transfer notification from someone you know could (in principle) be tampered with before you receive it and turned into a phishing attempt. Here is an Interac link about security, but there is no satisfactory answer there.
Perhaps there have not been a lot of problems in reality, but asking you to click on a link in an email is not good practice. Why doesn't the email jusk ask you to log in to online banking as usual, with no links? Once there, you could follow a link on the bank site to check for pending e-transfers. (There could even be a pop-up notice informing you of any.) Then you answer the security question and direct the money to the right account. This might take two extra clicks, so maybe that's why it's not done that way?
Perhaps there have not been a lot of problems in reality, but asking you to click on a link in an email is not good practice. Why doesn't the email jusk ask you to log in to online banking as usual, with no links? Once there, you could follow a link on the bank site to check for pending e-transfers. (There could even be a pop-up notice informing you of any.) Then you answer the security question and direct the money to the right account. This might take two extra clicks, so maybe that's why it's not done that way?
Re: Receiving Interac e-Transfer
Alternatively, the notification email could provide a key that can be copy-pasted into a form on the Interac website. After verification receipt can then continue as it does now.
-
- Contributor
- Posts: 592
- Joined: 01 Dec 2014 19:28
Re: Receiving Interac e-Transfer
You could look at the headers of the email and see where the message came from, you could also look at the link before you click on it to see if it goes to interact or not. Like it or not, you can't really fake a link if you know how to look at the code. The internet works pretty transparently if you educate yourself on how it works.
You can fake the link's displayed destination, and even the email displayed address but, in the HTML code which can easily be displayed with the click of a mouse, you can see if it's the same as it should be or if it's faked.
You can fake the link's displayed destination, and even the email displayed address but, in the HTML code which can easily be displayed with the click of a mouse, you can see if it's the same as it should be or if it's faked.
- IdOp
- Veteran Contributor
- Posts: 3873
- Joined: 16 Feb 2006 11:27
- Location: On the Pacific sea bed, 100 mi off the CA coast.
- Contact:
Re: Receiving Interac e-Transfer
You can do those things, and they do have value, but even an experienced person may not really know exactly what the link is supposed to be. But for a heck of a lot of people doing those things is just beyond their capabilities. And Interac wants those people using the system too, to make more money. It seems like they have gone to 100% convenience to capture the most users, and those last few percent of users who need that convenience are the exact ones most likely to fall for a scam.
- freedom_2008
- Contributor
- Posts: 841
- Joined: 16 Nov 2010 17:46
- Location: Victoria
Re: Receiving Interac e-Transfer
You can't.
But if you don't receive another email from the sender to let you know the password of the transfer, you definitely don't want to click the link, as no one can deposit e-transfer fund without using the password set by the sender.
Even if the sender did send you the password, but not telling you what the money is for, or if the money is not really for you by sender's description, then the sender might just send to wrong email address, if it is not a scam. You wouldn't want to click the link either.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
Re: Receiving Interac e-Transfer
Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.freedom_2008 wrote: ↑19 Aug 2017 22:05 ...if you don't receive another email from the sender to let you know the password of the transfer...
- freedom_2008
- Contributor
- Posts: 841
- Joined: 16 Nov 2010 17:46
- Location: Victoria
Re: Receiving Interac e-Transfer
For legitimate e-transfer, the e-transfer email itself is sent by bank e-transfer service on behalf of the sender, NOT from the sender directly, and it wouldn't contain the password set by the sender. The sender can and should either send an email or call or messaging or meet you in person to tell you the password. Otherwise, why bother the e-transfer in the first place, unless it is a scam or wrong email address.tightwad wrote: ↑20 Aug 2017 00:00Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.freedom_2008 wrote: ↑19 Aug 2017 22:05 ...if you don't receive another email from the sender to let you know the password of the transfer...
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
Re: Receiving Interac e-Transfer
ISTM that we _have_ to use email transfers cos the banks make it just about impossible for a private customer to make a simple transfer to someone with an account at another bank. Even a same-bank transfer at TD requires an off-line process to set up a payee.
Peter
Patrick Hutber: Improvement means deterioration
Patrick Hutber: Improvement means deterioration
Re: Receiving Interac e-Transfer
From the millions of such transfers that have occurred in Canada since they were made available, how many times a hack has happened? Oh, it has never happened so far. By all means, be vigilant, but to go as far as saying it's too dangerous to use it's an overreaction IMHO.tightwad wrote: ↑17 Aug 2017 20:24Yes, good idea if it's someone you know. It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment.
What if the email is from a stranger? Would you take a chance on responding? What if you're someone who accepts donations for your work? For example: Amateur web musicians and freeware authors. It wouldn't be practical for those people to contact each individual.
finiki, the Canadian financial wiki
“It doesn't matter how beautiful your theory is, it doesn't matter how smart you are. If it doesn't agree with experiment, it's wrong.” [Richard P. Feynman, Nobel prize winner]
“It doesn't matter how beautiful your theory is, it doesn't matter how smart you are. If it doesn't agree with experiment, it's wrong.” [Richard P. Feynman, Nobel prize winner]
- freedom_2008
- Contributor
- Posts: 841
- Joined: 16 Nov 2010 17:46
- Location: Victoria
Re: Receiving Interac e-Transfer
I meant if the recipient doesn't receive the password from the sender (via a separate email or other means), the e-transfer is useless. In this case (no password received), the transfer could be a scam, or wrong email address by mistake when the transfer was set by the sender.freedom_2008 wrote: ↑20 Aug 2017 01:36For legitimate e-transfer, the e-transfer email itself is sent by bank e-transfer service on behalf of the sender, NOT from the sender directly, and it wouldn't contain the password set by the sender. The sender can and should either send an email or call or messaging or meet you in person to tell you the password. Otherwise, why bother the e-transfer in the first place, unless it is a scam or wrong email address.tightwad wrote: ↑20 Aug 2017 00:00Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.freedom_2008 wrote: ↑19 Aug 2017 22:05 ...if you don't receive another email from the sender to let you know the password of the transfer...
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
Re: Receiving Interac e-Transfer
... and if you don't provide the right password, you don't get to the choosing bank account and entering passwords stage either (if memory serves me correctly on the order of the steps). So then no problem re: phishing.
- freedom_2008
- Contributor
- Posts: 841
- Joined: 16 Nov 2010 17:46
- Location: Victoria
Re: Receiving Interac e-Transfer
If there is a scam, the phishing link probably to somewhere else, rather than the normal e-transfer steps.
In any case, if not giving a password by the sender separately or/and the sender description about the transfer doesn't sound right, I wouldn't click any link, as the money might not be yours to take, phishing or not.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
Re: Receiving Interac e-Transfer
There would be instances in which a password is not sent, such as in a transfer between the sender and a family member. The question would be such that only someone close would know the answer.
Re: Receiving Interac e-Transfer
Why worry about clicking the link?
The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email. The link isn't needed, at least at my institution. You would need to know the security question/answer which would seem to confirm it's someone you know, or money that is expected.
The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email. The link isn't needed, at least at my institution. You would need to know the security question/answer which would seem to confirm it's someone you know, or money that is expected.
- freedom_2008
- Contributor
- Posts: 841
- Joined: 16 Nov 2010 17:46
- Location: Victoria
Re: Receiving Interac e-Transfer
Sure. But this is to answer your question of "How can one tell whether the email is legitimate and not part of a phishing scam?". Plus you also said earlier: "It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment."
So if you want to be 100% sure, it is probably a good idea to wait for the password and description, or to confirm with the sender about the transfer if the sender is your family member but didn't inform you about it before or after.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
Re: Receiving Interac e-Transfer
The email is simply a notification and a potential convenience (or danger if phishing) to link to your institution, and has no value regarding validating or accessing the actual transfer. Therefore no need to use it, and every reason to avoid it especially if you don't recognize the sender or aren't expecting funds, before first verifying with them.
Simply ignore the link for an etransfer, go directly to your banks portal and access your accounts and messages in the normal way. There is no concern this way.
- IdOp
- Veteran Contributor
- Posts: 3873
- Joined: 16 Feb 2006 11:27
- Location: On the Pacific sea bed, 100 mi off the CA coast.
- Contact:
Re: Receiving Interac e-Transfer
Indeed, I went into TD EasyWeb and looked under Transfers. The links to receive e-transfers are all there (although I'm not registered to use them). That is all good. What threw me off earlier in the thread was looking at the Interac e-transfer FAQ on how to receive. It does not mention this way to circumvent the e-mail link. (Perhaps it would be obvious if one had done it once, but I haven't.)
Re: Receiving Interac e-Transfer
IdOp wrote: ↑25 Aug 2017 11:55Indeed, I went into TD EasyWeb and looked under Transfers. The links to receive e-transfers are all there (although I'm not registered to use them). That is all good. What threw me off earlier in the thread was looking at the Interac e-transfer FAQ on how to receive. It does not mention this way to circumvent the e-mail link. (Perhaps it would be obvious if one had done it once, but I haven't.)
Excellent! An easy way to see if it's for real!