Scam alert: Cyber security expert warns of possible e-transfer scam that can cause 'chaos' for victims

A cyber security expert is warning about a possible e-transfer scam that puts money in your bank account — with an unfortunate catch.

A cyber security expert is warning about a possible e-transfer scam that puts money in your bank account — with an unfortunate catch.

A recent Reddit post details a person who received an email informing them that $1,000 was deposited into their account. When they checked their account, the money had indeed been transferred. The poster has auto-deposits turned on, so no further action — like a password to initiate the deposit — was needed on their end. The user, whose name is Nightshade_1302 on Reddit, was unsure if they should contact their bank about the money, leave it there in case it gets clawed back, or use it as if the money was theirs.

Terry Cutler is the CEO of Cyology Labs, a cybersecurity and data defence firm in Montreal. He says it is crucial to be familiar with this particular e-transfer scam.

A person could receive an e-transfer from an unknown person and for no apparent reason. Then the recipient gets a follow-up email from that unknown person detailing a possible "sob" story that involves them urgently needing money back to deal with an emergency.

“You should be advising the bank so they can confiscate the money or send it back, depending whose account it came from,” Cutler tells Yahoo Canada.

It can cause chaos for the individual.

The email that accompanied the e-transfer will often have a link intended to transfer back the money, through the bank account. This will work as a phishing email to acquire the victim’s personal banking information. The link and fields to enter will look normal, but once you input your credentials, they will be recorded by the nefarious party.

“When they do that, (the victim is) actually transferring over their credentials as well,” he says.

Cutler warns not to follow the instructions that come from the sob story email. Instead, contact your bank immediately.

If the e-transfer is deposited, Cutler says the money doesn’t belong to the targeted person who received it. If the bank isn’t alerted of the incident, Cutler says the scammer can take advantage and report the victim's account for fraud.

“It can cause chaos for the individual, so the bottom line is to work with the bank,” he says.

If the victim accepts the e-transfer is the accompanying e-mail, their account is considered compromised. Once the bank is notified, they will likely issue the person targeted a new account and bank card.

In order to avoid this scam in the first place, Cutler says it’s important to have two-step verification turned on with all accounts, along with strong passwords.

He adds that the victim’s compromised debit card and email were likely found on the dark web.

“It is not safe to accept a random, unsolicited payment from an unknown source as there is always the possibility of fraud," a statement from the Canadian Bankers Association (CBA) to Yahoo Canada reads.

"If an unexpected deposit is spotted, please contact your bank immediately. Instead of sending the money back to the unknown source, stop all communication with the unknown sender and gather records you have on the transaction," the CBA, a trade association representing Canadian banks, added.

In the Reddit thread, many commenters warned of the e-transfer scams though some shared stores of sending or receiving money online to the wrong email address.

“I accidentally hit the wrong button once and sent a couple grand to someone I'd bought a table off of 6 months earlier,” user Constant_Sky9173 wrote.” Luckily, he was cool once we got ahold of each other, and he sent it back.”

“My wife once sent $650 to a tattoo artist. Turns out she sent it to the wrong email because of a typo,” user improyo wrote. “The guy who received was a very nice Catholic priest on the east coast who sent it back. Mistakes sometimes do happen. But be careful.”