Email Account Compromise

Background:

An Email Account Compromise occurs when someone other than the intended user steals credentials to access an email account; for example: email address and password.  The hacker uses those credentials to sign in as the original user and can access emails, including Interac eTransfer notifications.

Current Trends:

• There is an increase in email account compromises where Interac e-Transfer email notifications are being accessed by a third party and not the intended recipient or legitimate email account holder.  

• The third party uses the link provided in the email notification to access the gateway and deposit the funds. 

• Many of the email account compromises involve telecom domains (telus.net, shaw.ca), indicating a potential phishing campaign affecting these domains.

Here is what you can do to protect yourself:

• Register for Interac e-Transfer Auto-deposit; this eliminates the need for a security question and answer in every transaction and the money goes directly to your account.

• Always be vigilant when transacting online.

• Use two-factor authentication for e-mail; most email providers have this feature. 

• Do not use the same password across various accounts.    

• Use strong passwords and never share passwords.

• Do not communicate the answer to the security question in the security question itself or via email.  Call and/or text the recipient with the password.

• Select a question and answer that is not easy to guess or search on the web or social media; for example: what is the colour of the sky? What is my First/Last name? What is the name of my dog/mom/dad? What city do we live in?

• Be cautious not to click on any phishing links and ensure that you are only transacting with trusted websites, vendors and people.

• If you are suspicious of any transaction, immediately notify your financial institution.    

For more information about how you can protect yourself when transacting online visit www.interac.ca.