Intercepted E-Transfer

Intercepted E-Transfer

An ‘Intercepted E-Transfer’ occurs when a member sends a legitimate E-Transfer to someone they know. A fraudster intercepts the E-Transfer and deposits the funds into a different account before the intended recipient has a chance to accept and deposit the funds.

Why E-Transfer passwords are key

The interception is caused by fraudsters accessing the recipients’ email account – generally when the recipient has clicked on a phishing email. By accessing the recipients’ email account, the fraudster sees the E-Transfer notification and uses the deposit link to re-route the funds into a different account by answering a weak security question. This is not a targeted attack against specific domain names (i.e., etc.) but more a crime of opportunity once a phishing email has been clicked on. 

What you can do to protect yourself

  • Do not communicate the security question answer for the E-Transfer via email or in the E-Transfer itself (i.e. in the Memo section). Members should call/text the security question answer to the recipient.
  • Select a security question/answer that is not generic and will be difficult for the fraudster/third party to guess. Members should be aware that there are 4 attempts available to answer the security question. For example, the question ‘Who’s my favorite Beatle?’ should not be used because there are only 4 band members and the fraudsters have 4 attempts to guess the answer.
  • Do not click on any links or open any attachments any suspicious or unexpected emails and only deal with people/businesses that are trusted.
  • Register for ‘Auto deposit’ for E-Transfers. This feature allows Members to register their email address to their bank account so when an E-Transfer is received, the money will be automatically be deposited. This eliminates the need for Security Questions/Answers – making it more difficult for fraudsters to intercept the transfer.
  • If possible, set up 2 Factor Authentication (sometimes called Dual Authentication) through your email domain. This makes it more difficult for fraudsters to get access to your email.

What are we doing to protect you, our members?

  • Interac announced that they will begin scoring, alerting, and reporting suspicious E-Transfers sent to potentially compromised email addresses in an attempt to prevent the transfer from being intercepted. Cypress Credit Union will act accordingly based on the Alerts received. 
  • Steps to recover funds on an intercepted E-Transfer will be made to the best of our ability; however, recovery of these funds is not always possible.

What You Can Do When Notified of an ‘Intercepted E-Transfer’

  • Once alerted to an intercepted E-Transfer, please notify your Financial Services Representative
  • There may be the ability to cancel the E-Transfer or attempt recovery.
  • Provide details regarding the E-Transfer including the name of the intended recipient, and the email address and phone number.
  • Please note that there is no guarantee that the funds will be recovered. If funds are not recoverable, you will have to cover these expenses out of your own pocket – this is why it is crucial that members ensure they are following the tips above to protect themselves.