Receiving Interac e-Transfer

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
User avatar
tightwad
Contributor
Contributor
Posts: 183
Joined: 07 Feb 2007 15:26
Location: BC

Receiving Interac e-Transfer

Post by tightwad »

A notification email is sent to the recipient of an Interac e-Transfer. Apparently it's normal procedure then to click on a button or link in such an email to initiate the process. How can one tell whether the email is legitimate and not part of a phishing scam?
Last edited by tightwad on 17 Aug 2017 20:44, edited 1 time in total.
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Receiving Interac e-Transfer

Post by kcowan »

I would contact the sender if I was not expecting a payment.
For the fun of it...Keith
twa2w
Veteran Contributor
Veteran Contributor
Posts: 2054
Joined: 22 Feb 2005 13:08

Re: Receiving Interac e-Transfer

Post by twa2w »

Well normally you would be expecting the email money transfer and would have communicated with the sender in order to obtain the email money transfer password from them.

In theory, I suppose, if one was selling an item, a potential buyer could agree to send payment $ by email transfer and set up a phishing program to spoof an email transfer and your bank signin info, to obtain your info. He would have to have phishing links to all banks websites as he would not know what bank you dealt with. Also you could check your bank account through a separate sign in, immediately after accepting the transfer. If legit, the money would be in your account.

Know the sender is the best advice.
User avatar
tightwad
Contributor
Contributor
Posts: 183
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad »

kcowan wrote: 17 Aug 2017 19:40 I would contact the sender if I was not expecting a payment.
Yes, good idea if it's someone you know. It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment.

What if the email is from a stranger? Would you take a chance on responding? What if you're someone who accepts donations for your work? For example: Amateur web musicians and freeware authors. It wouldn't be practical for those people to contact each individual.
twa2w wrote: 17 Aug 2017 19:55 He would have to have phishing links to all banks websites as he would not know what bank you dealt with. Also you could check your bank account through a separate sign in, immediately after accepting the transfer. If legit, the money would be in your account.
It's possible for bank links to be spoofed - it's been done before. They wouldn't have have a complete list of institutions, just the major players. Having money deposited to your account is no guarantee it's all good; if it's a scam they already have your login credentials and can come back later to clean out the account.

Maybe I'm being overly paranoid but being caught in this type of scam would have major consequences.
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Receiving Interac e-Transfer

Post by kcowan »

I think the donations thing is why most use PayPal.
For the fun of it...Keith
User avatar
tightwad
Contributor
Contributor
Posts: 183
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad »

I guess the old adage "Don't take candy from strangers." applies. In this case it's money and not candy. And if you do, don't do it through Interac e-Transfer.
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Receiving Interac e-Transfer

Post by IdOp »

I share tightwad's concerns. Email was never designed for security or authentication. ISTM that a legitimate, expected, e-transfer notification from someone you know could (in principle) be tampered with before you receive it and turned into a phishing attempt. Here is an Interac link about security, but there is no satisfactory answer there.

Perhaps there have not been a lot of problems in reality, but asking you to click on a link in an email is not good practice. Why doesn't the email jusk ask you to log in to online banking as usual, with no links? Once there, you could follow a link on the bank site to check for pending e-transfers. (There could even be a pop-up notice informing you of any.) Then you answer the security question and direct the money to the right account. This might take two extra clicks, so maybe that's why it's not done that way?
User avatar
tightwad
Contributor
Contributor
Posts: 183
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad »

Alternatively, the notification email could provide a key that can be copy-pasted into a form on the Interac website. After verification receipt can then continue as it does now.
Just a Guy
Contributor
Contributor
Posts: 592
Joined: 01 Dec 2014 19:28

Re: Receiving Interac e-Transfer

Post by Just a Guy »

You could look at the headers of the email and see where the message came from, you could also look at the link before you click on it to see if it goes to interact or not. Like it or not, you can't really fake a link if you know how to look at the code. The internet works pretty transparently if you educate yourself on how it works.

You can fake the link's displayed destination, and even the email displayed address but, in the HTML code which can easily be displayed with the click of a mouse, you can see if it's the same as it should be or if it's faked.
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Receiving Interac e-Transfer

Post by IdOp »

You can do those things, and they do have value, but even an experienced person may not really know exactly what the link is supposed to be. But for a heck of a lot of people doing those things is just beyond their capabilities. And Interac wants those people using the system too, to make more money. It seems like they have gone to 100% convenience to capture the most users, and those last few percent of users who need that convenience are the exact ones most likely to fall for a scam.
User avatar
freedom_2008
Contributor
Contributor
Posts: 841
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 »

tightwad wrote: 17 Aug 2017 18:02 A notification email is sent to the recipient of an Interac e-Transfer. Apparently it's normal procedure then to click on a button or link in such an email to initiate the process. How can one tell whether the email is legitimate and not part of a phishing scam?
You can't.

But if you don't receive another email from the sender to let you know the password of the transfer, you definitely don't want to click the link, as no one can deposit e-transfer fund without using the password set by the sender.

Even if the sender did send you the password, but not telling you what the money is for, or if the money is not really for you by sender's description, then the sender might just send to wrong email address, if it is not a scam. You wouldn't want to click the link either.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
User avatar
tightwad
Contributor
Contributor
Posts: 183
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad »

freedom_2008 wrote: 19 Aug 2017 22:05 ...if you don't receive another email from the sender to let you know the password of the transfer...
Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.
User avatar
freedom_2008
Contributor
Contributor
Posts: 841
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 »

tightwad wrote: 20 Aug 2017 00:00
freedom_2008 wrote: 19 Aug 2017 22:05 ...if you don't receive another email from the sender to let you know the password of the transfer...
Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.
For legitimate e-transfer, the e-transfer email itself is sent by bank e-transfer service on behalf of the sender, NOT from the sender directly, and it wouldn't contain the password set by the sender. The sender can and should either send an email or call or messaging or meet you in person to tell you the password. Otherwise, why bother the e-transfer in the first place, unless it is a scam or wrong email address.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
pmj
Veteran Contributor
Veteran Contributor
Posts: 3412
Joined: 27 Feb 2005 18:15
Location: Ottawa

Re: Receiving Interac e-Transfer

Post by pmj »

ISTM that we _have_ to use email transfers cos the banks make it just about impossible for a private customer to make a simple transfer to someone with an account at another bank. Even a same-bank transfer at TD requires an off-line process to set up a payee.
Peter

Patrick Hutber: Improvement means deterioration
User avatar
adrian2
Veteran Contributor
Veteran Contributor
Posts: 13333
Joined: 19 Feb 2005 08:42
Location: Greater Toronto Area

Re: Receiving Interac e-Transfer

Post by adrian2 »

tightwad wrote: 17 Aug 2017 20:24
kcowan wrote: 17 Aug 2017 19:40 I would contact the sender if I was not expecting a payment.
Yes, good idea if it's someone you know. It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment.

What if the email is from a stranger? Would you take a chance on responding? What if you're someone who accepts donations for your work? For example: Amateur web musicians and freeware authors. It wouldn't be practical for those people to contact each individual.
From the millions of such transfers that have occurred in Canada since they were made available, how many times a hack has happened? Oh, it has never happened so far. By all means, be vigilant, but to go as far as saying it's too dangerous to use it's an overreaction IMHO.
Imagefiniki, the Canadian financial wiki
“It doesn't matter how beautiful your theory is, it doesn't matter how smart you are. If it doesn't agree with experiment, it's wrong.” [Richard P. Feynman, Nobel prize winner]
User avatar
freedom_2008
Contributor
Contributor
Posts: 841
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 »

freedom_2008 wrote: 20 Aug 2017 01:36
tightwad wrote: 20 Aug 2017 00:00
freedom_2008 wrote: 19 Aug 2017 22:05 ...if you don't receive another email from the sender to let you know the password of the transfer...
Is it customary for the sender to send the password/answer to the recipient in a separate email? I guess it would make sense if the recipient is someone who is not particularly close to the sender.
For legitimate e-transfer, the e-transfer email itself is sent by bank e-transfer service on behalf of the sender, NOT from the sender directly, and it wouldn't contain the password set by the sender. The sender can and should either send an email or call or messaging or meet you in person to tell you the password. Otherwise, why bother the e-transfer in the first place, unless it is a scam or wrong email address.
I meant if the recipient doesn't receive the password from the sender (via a separate email or other means), the e-transfer is useless. In this case (no password received), the transfer could be a scam, or wrong email address by mistake when the transfer was set by the sender.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
Jaunty
Veteran Contributor
Veteran Contributor
Posts: 1539
Joined: 19 Feb 2007 16:41
Location: Niagara

Re: Receiving Interac e-Transfer

Post by Jaunty »

... and if you don't provide the right password, you don't get to the choosing bank account and entering passwords stage either (if memory serves me correctly on the order of the steps). So then no problem re: phishing.
User avatar
freedom_2008
Contributor
Contributor
Posts: 841
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 »

Jaunty wrote: 20 Aug 2017 11:12 ... and if you don't provide the right password, you don't get to the choosing bank account and entering passwords stage either (if memory serves me correctly on the order of the steps). So then no problem re: phishing.
If there is a scam, the phishing link probably :arrow: to somewhere else, rather than the normal e-transfer steps.

In any case, if not giving a password by the sender separately or/and the sender description about the transfer doesn't sound right, I wouldn't click any link, as the money might not be yours to take, phishing or not.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
User avatar
tightwad
Contributor
Contributor
Posts: 183
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad »

There would be instances in which a password is not sent, such as in a transfer between the sender and a family member. The question would be such that only someone close would know the answer.
RBull
Contributor
Contributor
Posts: 164
Joined: 05 Feb 2013 13:36
Location: Canada's Ocean Playground

Re: Receiving Interac e-Transfer

Post by RBull »

Why worry about clicking the link?

The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email. The link isn't needed, at least at my institution. You would need to know the security question/answer which would seem to confirm it's someone you know, or money that is expected.
User avatar
freedom_2008
Contributor
Contributor
Posts: 841
Joined: 16 Nov 2010 17:46
Location: Victoria

Re: Receiving Interac e-Transfer

Post by freedom_2008 »

tightwad wrote: 20 Aug 2017 14:44 There would be instances in which a password is not sent, such as in a transfer between the sender and a family member. The question would be such that only someone close would know the answer.
Sure. But this is to answer your question of "How can one tell whether the email is legitimate and not part of a phishing scam?". Plus you also said earlier: "It's possible that their mail account was compromised and is being used for nefarious purposes. To make it look real the notification could include a made-up reason for the payment."

So if you want to be 100% sure, it is probably a good idea to wait for the password and description, or to confirm with the sender about the transfer if the sender is your family member but didn't inform you about it before or after.
“Life is 10% what happens to you and 90% how you react.” — Charles R. Swindoll
User avatar
tightwad
Contributor
Contributor
Posts: 183
Joined: 07 Feb 2007 15:26
Location: BC

Re: Receiving Interac e-Transfer

Post by tightwad »

RBull wrote: 20 Aug 2017 15:00 The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email.
No worries then, if one has this option.
RBull
Contributor
Contributor
Posts: 164
Joined: 05 Feb 2013 13:36
Location: Canada's Ocean Playground

Re: Receiving Interac e-Transfer

Post by RBull »

tightwad wrote: 20 Aug 2017 20:34
RBull wrote: 20 Aug 2017 15:00 The transfer process can be initiated/completed by simply going online at your financial institution to see if there is a request to complete a transaction, thereby bypassing the email.
No worries then, if one has this option.
The email is simply a notification and a potential convenience (or danger if phishing) to link to your institution, and has no value regarding validating or accessing the actual transfer. Therefore no need to use it, and every reason to avoid it especially if you don't recognize the sender or aren't expecting funds, before first verifying with them.

Simply ignore the link for an etransfer, go directly to your banks portal and access your accounts and messages in the normal way. There is no concern this way. :thumbsup:
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Receiving Interac e-Transfer

Post by IdOp »

RBull wrote: 25 Aug 2017 08:24Simply ignore the link for an etransfer, go directly to your banks portal and access your accounts and messages in the normal way. There is no concern this way. :thumbsup:
Indeed, I went into TD EasyWeb and looked under Transfers. The links to receive e-transfers are all there (although I'm not registered to use them). That is all good. What threw me off earlier in the thread was looking at the Interac e-transfer FAQ on how to receive. It does not mention this way to circumvent the e-mail link. (Perhaps it would be obvious if one had done it once, but I haven't.)
RBull
Contributor
Contributor
Posts: 164
Joined: 05 Feb 2013 13:36
Location: Canada's Ocean Playground

Re: Receiving Interac e-Transfer

Post by RBull »

IdOp wrote: 25 Aug 2017 11:55
RBull wrote: 25 Aug 2017 08:24Simply ignore the link for an etransfer, go directly to your banks portal and access your accounts and messages in the normal way. There is no concern this way. :thumbsup:
Indeed, I went into TD EasyWeb and looked under Transfers. The links to receive e-transfers are all there (although I'm not registered to use them). That is all good. What threw me off earlier in the thread was looking at the Interac e-transfer FAQ on how to receive. It does not mention this way to circumvent the e-mail link. (Perhaps it would be obvious if one had done it once, but I haven't.)

Excellent! An easy way to see if it's for real! :thumbsup:
Post Reply