Scam: Interac E-Transfer passwords are per-contact
There's a scam I see every once in a while that works something like this. Let's say you're buying you're buying or selling something on FB marketplace.
- The scammer comes up with a scenario where you send them an initial e-transfer but don't provide the password
- The scammer lies about the first transfer not succeeding
- They ask you to send a second transfer with a token amount as a test, with a different password
- You're somehow convinced to give the password for the second transfer
- The scammer uses the password to accept both transfers
Most banks store the e-transfer password per-contact, even if they provide a UI that makes it look like the password is per-transfer.
Tangerine tries to mitigate this by erroring out when you change the password while a transfer is still pending for the same contact.
See also:
- /r/PersonalFinanceCanada: E Transfer Security Flaw (deleted)
- /r/PersonalFinanceCanada: Raising awareness for interac fraud
- /r/scams: Seller wants me to e-transfer 2k$ without giving him the answer to the question
- /r/PersonalFinanceCanada: Scammed deposited an transfer without the password
- /r/PersonalFinanceCanada: Warning: Lost $2,000 to a TD Bank Transfer Scam When Buying a Camera!
(Updated 2024-11-09 with another link)