A cybersecurity expert is raising alarms about a sophisticated new e-transfer scam that can significantly disrupt victims’ financial security. This scam involves unsuspecting individuals receiving unexpected deposits into their bank accounts without any required action such as entering a password, thanks to auto-deposit settings.
Terry Cutler, CEO of Cyology Labs in Montreal, outlined how the scam operates: victims receive an unexplained e-transfer, followed by a phishing email. This email typically spins a compelling sob story asking for the money to be returned urgently due to an emergency. The email includes a link that appears legitimate but is designed to steal personal banking information when used.
“If the victim uses the link provided to return the money, they are actually handing over their banking credentials to the scammers,” Cutler explained. He emphasized the importance of not interacting with the instructions provided in the fraudulent email. Instead, he advises individuals to contact their bank directly if they notice an unexpected deposit.
The consequences of interacting with these scam emails can be severe. “It can cause chaos for the individual, so the bottom line is to work with the bank,” Cutler added. The bank can then take appropriate measures to secure the account, including possibly issuing new bank cards and account numbers.
To prevent falling victim to such scams, Cutler recommends enabling two-step verification on all accounts and using strong, unique passwords. He also noted that the compromised information might have originated from data previously leaked on the dark web.
The Canadian Bankers Association also issued a warning, advising bank customers to be vigilant about unexpected deposits: “It is not safe to accept a random, unsolicited payment from an unknown source as there is always the possibility of fraud,” the association stated.
The public is urged to report any suspicious activity immediately to their bank and cease all communication with the sender while retaining all records of the transaction. This proactive approach can help mitigate potential damage and protect personal financial information from being exploited.