Charlie Wang

Scam: Interac E-Transfer passwords are per-contact

There's a scam I see every once in a while that works something like this. Let's say you're buying you're buying or selling something on FB marketplace.

  1. The scammer comes up with a scenario where you send them an initial e-transfer but don't provide the password
  2. The scammer lies about the first transfer not succeeding
  3. They ask you to send a second transfer with a token amount as a test, with a different password
  4. You're somehow convinced to give the password for the second transfer
  5. The scammer uses the password to accept both transfers

Most banks store the e-transfer password per-contact, even if they provide a UI that makes it look like the password is per-transfer.

Tangerine tries to mitigate this by erroring out when you change the password while a transfer is still pending for the same contact.

Screenshot of Tangerine warning message when trying to send an e-transfer with a changed password while a transfer is still pending for the same contact

See also:

More posts