Recently, there has been a notable increase in reported phishing involving e-Transfers, including on mobile devices. Here are a few examples:

Mobile Device e-Transfer Phishing Scam

Please be aware that, not only may a scammer try to send you a phishing email... you may get a fake e-Transfer text on your mobile device.

In the most recent twist to the e-Transfer phishing scam, a recipient will receive a text appearing to be a legitimate e-Transfer. It will direct the recipient to click on a link to retrieve a refund. Once the recipient clicks on the link, they will be redirected to a website which will prompt them to enter their internet banking credentials in order to accept the 'e-Transfer'. The criminals behind the scam are then able to capture the victim's internet banking credentials and the website may also upload malicious software to the victim's device.

Here is an example of this kind of phishing message:  INTERAC E-transfer: Your Mobility service was overcharged by 53.45$. Click here to refund your funds: http: / / refun38 - payme19 . com /

*** Please be wary of e-Transfers that you don't expect to receive and carefully examine any unsolicited text messages and emails.

Here are some common indicators that a message is fraudulent:

• A message about an e-Transfer appears to come from an unrecognisable and trusted business or organization that is not likely to send out e-Transfers (eg. CRA tax refunds, internet or cell phone service providers, Amazon or other online shopping sites who could simply apply a credit to your account).
• The message does not address the recipient by name (eg. 'Dear Valued Customer' rather than 'Dear Bob Jones')
• The message does not refer to the sender by name (eg. 'Your Mobility Service' rather than 'Your Telus Account'; 'Your Online Banking' rather than 'Encompass Credit Union Online Banking').
• The message puts a time limit on the response to create a sense of urgency (eg. 'If you don't reply within 24 hours, your accounts will be closed'; 'This offer expires in the next ten minutes').
• The message makes an offer that seems too good to be true.

If you have already received one of these messages and have attempted to deposit the 'e-Transfer', please change your Personal Access Code (PAC) for your online banking and your security questions, thoroughly clean or reset your device to factory settings to get rid of any possible malware, and review your account history to determine if there are any fraudulent online transactions.

Check to see if there is a respected anti-virus program available for your mobile device in your app store.

*** We highly recommend that you turn on Direct Alerts in your Internet Banking.

Canada Revenue Agency (CRA)

Fraudsters may send you an email stating that the CRA is trying to send you money or verify your personal information. This is known as a phishing scam. The CRA does not use the Interac® e-Transfer service to collect or disburse payments. If you receive one of these emails, do not respond. Forward the email to the address found on the Interac e-Transfer Fraud Update page so they can investigate it further.

Fake Transfers

Fraudsters may send you an email that looks like an official email from Interac e-Transfer, but in reality, it isn't legitimate. For example, you could received an email claiming to be from Interac saying they are holding money in escrow until you provide evidence of having shipped goods. This is not a service that Interac offers and is simply a way of trying to get information from you.

How to Protect Yourself from Phishing Scams

If you receive an email that seems suspicious or is unexpected, then check with the sender through a different contact medium (eg. in person, or phone them) to validate it. If it's not legitimate, then delete it.

If you receive an email or e-Transfer notification from someone you don't know, then don't respond or click on any links.

To learn more about what Phishing is, take a look at our Internet Scams page.

Find out more about Phishing scams and some Phishing Prevention Tips on our Protect Yourself page.