Cybersecurity Blog

Banks blaming customers for etransfer fraud. Here is how to protect yourself – 09/26/19


When a Manitoba man tried to etransfer his contractor, the money ended up in a criminals account instead.  When he discovered the fraud, he thought he was protected. However, he was shocked when his bank informed him that he was to blame and he wouldn’t be compensated for the loss. The reason? The answer to the security question he chose could be found on Facebook.  As far as the bank was concerned, he had not taken adequate steps to secure the etransfer and therefore they were not liable for the loss.

How did his etransfer get intercepted and deposited into a criminal’s account instead of his contractor’s? The contractor’s email had been compromised without his knowledge. Once the fraudsters had access to his email, they simply waited until an email with an etransfer link showed up in the inbox and clicked on it. The story would have ended there if the answer to the security question had been more challenging. Unfortunately, the man chose to use the name of the contractor’s wife. A quick check on Facebook gave the answer to the criminals who swiftly moved the money into their account.

After months of battling with the bank and with the help of the RCMP,  the man eventually recovered his money.  However he was one of the lucky ones. Most victims never see their money again.

How do you prevent this from happening to you? First, when sending an etransfer choose to send it by phone instead of email. Unencrypted text messages can be intercepted but it requires a lot more effort than stealing someone’s email . Second, make sure the answer to your security question isn’t easy to guess or find.  Our man from Manitoba would have avoided months of aggravation if he had told the contractor that the answer to the security question was Saskatchewan and not the actual name of his wife.  Lastly make sure you use a security question. Removing that step makes life easier for people, but it leaves them exposed to possible fraud.



2 thoughts on “Banks blaming customers for etransfer fraud. Here is how to protect yourself – 09/26/19

  1. Actually auto deposit is less secure. Without a password protecting the transaction, all a hacker needs to do is intercept the text message or get access to the email and with one click the money is automatically transferred into their account. Having a security question with an answer that is difficult to guess is the best way to protect etransfers.

  2. If you are set up for autodeposit to receive e-transfers, is this safer for the sender and recipient?

Leave a Reply

Your email address will not be published.