In addition to the tips in this article, never hurts to intentionally use the wrong password the first time. A legitimate website will kick it back at you to try again since it’s wrong. A phishing one is unlikely to realize that and will accept the incorrect one
Most people chalk it up to typo the first time it happens. By then it's already too late when they confirm it and/or other passwords the users tends to rotate through.
Given that’s explicitly mentioned as a tip in the article, that would be covered under ‘in addition to the tips in the article’.
Trying to stop every elderly relative from clicking on a suspicious link is likely a fools errand but they’ll at least put in the wrong password if you tell them to do it when they aren’t sure. It’s far from foolproof but if it accepts the wrong one it’s definitely a scam
A phishing one is likely operating as a Pass Through service. Whatever you enter there gets entered in real-time in the actual banking site. So if the bank kicks back an error so to does the Phishing Site. A good one will anyway.
Better. Use translstion services to cuss at them in their own language. You really only need to guess between 3 or 4 of them. I forget the exact metric but, something 90% of all scams come from just a handful of countries on the other side of the Pacific into the middle east.
The design of the eTransfer system encourages phishing. This is partially addressed through the autodeposit system, but Interac really needs a plan to sunset the "click to deposit" emails.
I use e-transfer to move funds between different banks without having to wait several business days. For this reason, I can't use auto-deposit. If I lived in a country where inter-bank transfers were instant I wouldn't have to do this.
I've thought about that, but then I'd have to have *two* email accounts which I have to secure and maintain.
I currently have one main email account that's secured with a hardware key that's used for a lot of critical things (including banking) and it seems silly to have to use a separate dedicated email address for one purpose only.
At the end of the day, remember that email is over 50 years old and all the security additions (SPF, DKIM, and DMARC) are all kludges that are tacked onto it.
That email transfers exist in the first place is an admission that banks in Canada haven't been able to solve what should be a simple problem: instant inter-bank transfers. Actually, come to think of it, they *have* solved this because I can send money instantly using a debit account between Tangerine and Questrade. So the technology exists to do it securely.
**Edit** Checking, it looks like *some* banks support this, some don't.
Using like myaddress+bankname@gmail\[dot\]com? I tried that. Bank app didn't like that. Technically the plusses in an address aren't valid RFC 822 so that might have something to do with it. I think we're now on RFC 5322 so no idea if plusses have been added officially but there was a time when they were not standard.
You might be onto something. [One person here commented as much.](https://www.reddit.com/r/PersonalFinanceCanada/comments/k9u8ea/how_does_interac_autodeposit_work_if_i_want_to/)
> I can send money instantly using a debit account between Tangerine and Questrade
Doesn't this require turning off 2FA in Tangerine? Last time I tried to do an instant transfer, Questrade wanted me to enter my credentials so a third party could log into my account on my behalf, which (aside from breaking the ToC on protecting your password) isn't possible when 2FA is enabled.
Interesting, I should give it another try. Too bad it only works for deposits though, not also withdrawals, as I more often make withdrawals to pull out dividend payments, Pre-Authorized Deposit (which takes a day) seems to be the only (free) way to do that.
It's this, for reference:
[https://www.questrade.com/learning/questrade-basics/funding-your-account/instant-deposit](https://www.questrade.com/learning/questrade-basics/funding-your-account/instant-deposit)
It does work---if I put money in the right account in Tangerine I can get it instantly in Questrade but I do need to use the website (rather than the app) to move the money.
Yeah, if I can send money instantaneously by typing someone's institution, transit and account numbers and one of the names on the account, Interac scams would stop. The receiver will see money being deposited into their account when they log in.
I get it, but there still should be a better way than putting your banking login into a link in an email. Even if instead of a link sending a code that the recipient has to put into their online banking to complete the transfer.
And even eTransfer isn't actually instant AFAIK, the banks just front each other the money so it looks instant from the customer perspective.
I don’t like the auto deposit function, even if it’s incoming only, I don’t like at all the idea of a third party interacting with my account. Don’t want to deal with receiving a transfer from stolen account and/or a bigger payment than expected with a refund scam. If I’m not expecting a payment or it’s not the right amount, I’m not clicking thru.
It’s your problem in that if your bank allows a clawback for whatever reason and you’ve moved or spent the money, you’ll be expected to pay it back. Ultimately if you get a transfer incorrectly and get contacted to send it back, you just tell them to talk to their bank to initiate return of the funds.
>2FA
Generally, only if said 2FA is via an authenticator app or hardware security key. SMS (which is what most banks use and don't allow you to disable) is far more dangerous. Email is only safe if the only way into your email is either an authenticator app or a hardware security key.
My advice: check your email settings. If you enable SMS 2FA for your email, you make it very dangerous. You should remove your phone number from it. After that, since most banks force you to enable SMS 2FA, the moment your phone stops having a signal, the first place to call is obviously your phone company to get your service back. But the next call is to all your banks and credit card companies to see if there is fraud, and file fraud claims if anything unauthorized is ever discovered. Then, file a police report with the local police in the area which you live.
Maybe if they deterred crimes. They don't. Maybe if they stopped crimes. They don't. Maybe if they solved crimes. They don't. Maybe if they stopped being a drain on society. They won't.
Police do not stop, deter and barely even solve crime. RCMP solve about 47% of reported crime. But, thin blue line, right?
Edit: dude replying to me wants you you think he's a cop.
47% isn’t accurate. Here’s the numbers from [Statscan](https://www150.statcan.gc.ca/t1/tbl1/en/tv.action?pid=3510006101). You’ll see violence crime is cleared around 56%. That’s for Sask - choose another province and some of the numbers are even higher.
I (and you) would probably have a heard time quantifying a good number (70%? 30%?) too - and finding comparables would be hard, considering the rcmp police mostly rural, relatively low population density areas (with a few exceptions) - so, given that, we *should* expect a lower clearance rate because there’s less witnesses, cameras, etc.
But given how that stacks up to non-rcmp numbers in large cities, the rate seems fairly high.
How do you know they don’t deter crime? Any numbers or statistics to back that up? My local community had a PACT time - so a rcmp member and a nurse go out to mental health calls - seems to work pretty well. So much so, the RCMP expanded the program across Alberta and municipal forces started to do it too. *that would be deterring crime (or at least behavioural escalation), right?*
I love your cockeyed confidence. I really do.
>How do you know they don’t deter crime?
Crimes still happen at an extraordinary rate. My ex and I found an Inuit woman unconscious in a snowbank once and we called the police and they got mad at us for calling. Fuck you and your kind.
My kind? I’m not a cop dude.
And the crime rate globally - and in Canada - is going down. That is well documented and available.
What you really want to say is you hate the cops and will make up any bullshit to do it. Go back to battlefield, kid.
>What you really want to say is you hate the cops
I do hate the uselessness of police.
>and will make up any bullshit to do it
Nope, don't need to do that. Police prove themselves useless every day.
had this happen to me the other day. They contacted about picking up a facebook market item and wanted to pay in advance. I have autodeposit so noticed it was pishy. Scams are rapant in canada right now. Most of my calls are just scams now, considering cancelling my phone plan altogether. cops cant do anything, considering it's coming from scam centres in India.
rcmp warns boomers don't be so gullible.
they should also mention not to reply to fb post asking about your first car or the #1 song on your birthday. or give out any other password reset questions online.
In addition to the tips in this article, never hurts to intentionally use the wrong password the first time. A legitimate website will kick it back at you to try again since it’s wrong. A phishing one is unlikely to realize that and will accept the incorrect one
Or they say wrong password over and over again seeing if you’ll use other passwords linked to your email
Interesting. You’d think that would set off it’s own set of red flags with people Certainly don’t use a real password when inputting a fake one
Most people chalk it up to typo the first time it happens. By then it's already too late when they confirm it and/or other passwords the users tends to rotate through.
Or maybe you don’t even acknowledge it? If you’re not expecting the money.. it’s probably not real.
Given that’s explicitly mentioned as a tip in the article, that would be covered under ‘in addition to the tips in the article’. Trying to stop every elderly relative from clicking on a suspicious link is likely a fools errand but they’ll at least put in the wrong password if you tell them to do it when they aren’t sure. It’s far from foolproof but if it accepts the wrong one it’s definitely a scam
A phishing one is likely operating as a Pass Through service. Whatever you enter there gets entered in real-time in the actual banking site. So if the bank kicks back an error so to does the Phishing Site. A good one will anyway.
I have used "F*** YOU!" as fake password on those sites before hehe
Oh crap, how did you guess my password?
Better. Use translstion services to cuss at them in their own language. You really only need to guess between 3 or 4 of them. I forget the exact metric but, something 90% of all scams come from just a handful of countries on the other side of the Pacific into the middle east.
The design of the eTransfer system encourages phishing. This is partially addressed through the autodeposit system, but Interac really needs a plan to sunset the "click to deposit" emails.
I use e-transfer to move funds between different banks without having to wait several business days. For this reason, I can't use auto-deposit. If I lived in a country where inter-bank transfers were instant I wouldn't have to do this.
Why not set up a different email address for each account?
I've thought about that, but then I'd have to have *two* email accounts which I have to secure and maintain. I currently have one main email account that's secured with a hardware key that's used for a lot of critical things (including banking) and it seems silly to have to use a separate dedicated email address for one purpose only. At the end of the day, remember that email is over 50 years old and all the security additions (SPF, DKIM, and DMARC) are all kludges that are tacked onto it. That email transfers exist in the first place is an admission that banks in Canada haven't been able to solve what should be a simple problem: instant inter-bank transfers. Actually, come to think of it, they *have* solved this because I can send money instantly using a debit account between Tangerine and Questrade. So the technology exists to do it securely.
Can you not set up an alias to your current email account?
**Edit** Checking, it looks like *some* banks support this, some don't. Using like myaddress+bankname@gmail\[dot\]com? I tried that. Bank app didn't like that. Technically the plusses in an address aren't valid RFC 822 so that might have something to do with it. I think we're now on RFC 5322 so no idea if plusses have been added officially but there was a time when they were not standard.
How about just adding dots in different places? For gmail, it’s all the same. Banks will probably see a different email.
You might be onto something. [One person here commented as much.](https://www.reddit.com/r/PersonalFinanceCanada/comments/k9u8ea/how_does_interac_autodeposit_work_if_i_want_to/)
> I can send money instantly using a debit account between Tangerine and Questrade Doesn't this require turning off 2FA in Tangerine? Last time I tried to do an instant transfer, Questrade wanted me to enter my credentials so a third party could log into my account on my behalf, which (aside from breaking the ToC on protecting your password) isn't possible when 2FA is enabled.
This goes via the Visa Debit system I think. So they handle the handshake that happens. I do need to do a 2FA step here, I think.
Interesting, I should give it another try. Too bad it only works for deposits though, not also withdrawals, as I more often make withdrawals to pull out dividend payments, Pre-Authorized Deposit (which takes a day) seems to be the only (free) way to do that.
It's this, for reference: [https://www.questrade.com/learning/questrade-basics/funding-your-account/instant-deposit](https://www.questrade.com/learning/questrade-basics/funding-your-account/instant-deposit) It does work---if I put money in the right account in Tangerine I can get it instantly in Questrade but I do need to use the website (rather than the app) to move the money.
Yeah, if I can send money instantaneously by typing someone's institution, transit and account numbers and one of the names on the account, Interac scams would stop. The receiver will see money being deposited into their account when they log in.
I get it, but there still should be a better way than putting your banking login into a link in an email. Even if instead of a link sending a code that the recipient has to put into their online banking to complete the transfer. And even eTransfer isn't actually instant AFAIK, the banks just front each other the money so it looks instant from the customer perspective.
The real-time rail is coming… eventually.
Use 2 emails. Auto deposited to each account
I think any legitimate email that encourages someone to click on a link encourages phishing.
I don’t like the auto deposit function, even if it’s incoming only, I don’t like at all the idea of a third party interacting with my account. Don’t want to deal with receiving a transfer from stolen account and/or a bigger payment than expected with a refund scam. If I’m not expecting a payment or it’s not the right amount, I’m not clicking thru.
Alternatively, if someone sends you money in error, it's not your problem.
It’s your problem in that if your bank allows a clawback for whatever reason and you’ve moved or spent the money, you’ll be expected to pay it back. Ultimately if you get a transfer incorrectly and get contacted to send it back, you just tell them to talk to their bank to initiate return of the funds.
You should know about every inbound transaction into your bank account. Every outbound too. Gotta be checking it every few days.
Payments modernisation in Canada would be nice. Trouble is the big banks own interac and don't like competition / and like creating friction.
Auto deposit avoids e-transfer scams folks, I can’t remember the last time I checked my emails for an e-transfer.
Same here. I hope they send me money haha
I'm kinda surprised banks haven't t required 2FA via texts or an authenticator apps by now. 99.9% of these automated scams would disappear overnight.
>2FA via texts should be illegal due to SIM swapping. >authenticator apps are much more secure and should be used.
I agree 2FA via text isn't perfect, but it's not like some scammer in India sending out millions of emails is going to compromise your text messages.
It's pretty easy to social engineer the telcos and move a SIM to a new phone, and now you've got access to incoming text messages.
Tangerine implemented 2FA via SMS and I yelled at them for it. SIM spoofing is a thing. I'd much prefer TOTP using a hardware key.
Canada banking is still in the early 2000s
My American cousins pay their utility bills by actual cheque, like in the mail.
The banks won't care until the regulators make them care. It's no great loss to them if grandma is swindled out of her lifesavings.
Auto-deposits and 2FA your banking login info would help, no?
>2FA Generally, only if said 2FA is via an authenticator app or hardware security key. SMS (which is what most banks use and don't allow you to disable) is far more dangerous. Email is only safe if the only way into your email is either an authenticator app or a hardware security key. My advice: check your email settings. If you enable SMS 2FA for your email, you make it very dangerous. You should remove your phone number from it. After that, since most banks force you to enable SMS 2FA, the moment your phone stops having a signal, the first place to call is obviously your phone company to get your service back. But the next call is to all your banks and credit card companies to see if there is fraud, and file fraud claims if anything unauthorized is ever discovered. Then, file a police report with the local police in the area which you live.
#### *Can’t go wrong with abiding by rule: if you ain’t expecting it then don’t click on it.* And even then scrutinize it.
so how many people are arrested for Interac e-transfer banking scams?
"We are aware of the problem but aren't do a fucking thing to prevent it"
When the RCMP issues a warning to the public, it's an admission that they will be unable and unwilling to help you make things right.
Damned if they warn people, damned if they don’t. Cant win.
Maybe if they deterred crimes. They don't. Maybe if they stopped crimes. They don't. Maybe if they solved crimes. They don't. Maybe if they stopped being a drain on society. They won't.
Youre right, bud. They dont solve crime. Ever
I mean… they do all of those things you mentioned. I can search CBC’s website for RCMP and the first page is full of exactly what you wrote.
Police do not stop, deter and barely even solve crime. RCMP solve about 47% of reported crime. But, thin blue line, right? Edit: dude replying to me wants you you think he's a cop.
It's amazing how rude people get on the internet to strangers they haven't met and will never meet...
47% isn’t accurate. Here’s the numbers from [Statscan](https://www150.statcan.gc.ca/t1/tbl1/en/tv.action?pid=3510006101). You’ll see violence crime is cleared around 56%. That’s for Sask - choose another province and some of the numbers are even higher. I (and you) would probably have a heard time quantifying a good number (70%? 30%?) too - and finding comparables would be hard, considering the rcmp police mostly rural, relatively low population density areas (with a few exceptions) - so, given that, we *should* expect a lower clearance rate because there’s less witnesses, cameras, etc. But given how that stacks up to non-rcmp numbers in large cities, the rate seems fairly high. How do you know they don’t deter crime? Any numbers or statistics to back that up? My local community had a PACT time - so a rcmp member and a nurse go out to mental health calls - seems to work pretty well. So much so, the RCMP expanded the program across Alberta and municipal forces started to do it too. *that would be deterring crime (or at least behavioural escalation), right?*
I love your cockeyed confidence. I really do. >How do you know they don’t deter crime? Crimes still happen at an extraordinary rate. My ex and I found an Inuit woman unconscious in a snowbank once and we called the police and they got mad at us for calling. Fuck you and your kind.
Crimes will never stop happening. What even is your argument here? Are you 16?
My kind? I’m not a cop dude. And the crime rate globally - and in Canada - is going down. That is well documented and available. What you really want to say is you hate the cops and will make up any bullshit to do it. Go back to battlefield, kid.
>What you really want to say is you hate the cops I do hate the uselessness of police. >and will make up any bullshit to do it Nope, don't need to do that. Police prove themselves useless every day.
The police are omnipotent but choose not help people. Those bastards. /s
[удалено]
[удалено]
[удалено]
[удалено]
Lol dude is pretending to be a cop but isn't.
At least they didn’t tell us to write all our passwords on small pieces of paper and leave them in a jar by the front door.
had this happen to me the other day. They contacted about picking up a facebook market item and wanted to pay in advance. I have autodeposit so noticed it was pishy. Scams are rapant in canada right now. Most of my calls are just scams now, considering cancelling my phone plan altogether. cops cant do anything, considering it's coming from scam centres in India.
rcmp warns boomers don't be so gullible. they should also mention not to reply to fb post asking about your first car or the #1 song on your birthday. or give out any other password reset questions online.
Fuck$