Background:
An Email Account Compromise occurs when someone other than the intended user steals credentials to access an email account; for example: email address and password. The hacker uses those credentials to sign in as the original user and can access emails, including Interac eTransfer notifications.
Current Trends:
-
There is an increase in email account compromises where Interac e-Transfer email notifications are being accessed by a third party and not the intended recipient or legitimate email account holder.
-
The third party uses the link provided in the email notification to access the gateway and deposit the funds.
-
Many of the email account compromises involve telecom domains (telus.net, shaw.ca), indicating a potential phishing campaign affecting these domains.
Here is what you can do to protect yourself:
-
Register for Interac e-Transfer Auto-deposit; this eliminates the need for a security question and answer in every transaction and the money goes directly to your account.
-
Always be vigilant when transacting online.
-
Use two-factor authentication for e-mail; most email providers have this feature.
-
Do not use the same password across various accounts.
-
Use strong passwords and never share passwords.
-
Do not communicate the answer to the security question in the security question itself or via email. Call and/or text the recipient with the password.
-
Select a question and answer that is not easy to guess or search on the web or social media; for example: what is the colour of the sky? What is my First/Last name? What is the name of my dog/mom/dad? What city do we live in?
-
Be cautious not to click on any phishing links and ensure that you are only transacting with trusted websites, vendors and people.
-
If you are suspicious of any transaction, immediately notify your financial institution.
For more information about how you can protect yourself when transacting online visit www.interac.ca.