Businesses receiving payment by Interac Email Money Transfer

I had my first email money transfer payment a while ago and deleted it by accident, probably thinking it was spam because the person didn’t tell me they paid that way, and I called the bank to see how secure this is, and they confirmed the procedure and that it is safe.  The only way I knew about this was when I called to ask for payment on an outstanding invoice and they said they already paid via email.  I thought, what?  You can’t pay invoices by email?  But then I found out, yes, it’s a new feature with the banks and I must have deleted his payment thinking it was spam.

The only problem I see with this is you have to click the link to receive the payment and it takes you to your bank account where you can then type in your bank number and password.  I don’t like this for a couple of reasons.  One problem is there are so many scams out there where people get emails saying something about their bank account having a problem, or whatever, and they need to click the link to log into their bank and fix the issue.  The link seems to work, it goes to your login page, your login works and you can see your bank info.  Everything seems fine, however, they just grabbed your bank info and your account is now compromised.

These email money transfers work similarly, which will make it difficult when people are receiving emails unless they know it truly came from that client.  Many people spoof emails and that makes the email appear to have come from someone you know but it didn’t really come from them.  This is really bad because you believe it’s real and move forward with the instructions, next thing you know you’re a victim.

The other problem I had: I’m used to logging in with my personal account, then switching views to see the business.  This way, I don’t have to remember both bank numbers.  The problem I have is I logged in with my personal account, as usual, but the options for me to choose which bank account to transfer my client’s payment to didn’t include the business bank account.  All I could do was decline the payment and put a note in there saying, “Sorry I logged into the wrong bank account”.  They had to resend payment, which was frustrating for them I’m sure, and also the fact I had to bother them with a phone call about it, when the secret answer was one I would have known anyway.  I just had to call to confirm it is real, and because I screwed up and logged into the wrong bank account, I had to get them to send payment again.

Most people click links and do online banking without thinking twice about it.  Don’t get me wrong, I’m up to date with the latest technology, but just because I’m in the business doesn’t mean I have to use it if I feel it is a potential threat.  As long as these payments are being transferred via links in email, there’s a connection where someone can hack this payment process and compromise both our accounts.  Online payments are fine, but if you send payment to someone by email, your bank account is connected via a link that is sent by email, which then goes from your email to my email, now linking via my computer, which either of us could have a virus on to begin with, and then linking to my bank account. Now both our bank accounts and email addresses are linked, and if someone intercepted this transmission, which happens out there in the online world, we could both have our bank accounts compromised.

Technology is supposed to make life easier, but instead, with something like this, it’s putting us more at risk and costing more time having people like me call to confirm it’s real.  As an alternative to this, you can always tell your clients you do not use this method of payment.  Some hackers out there realize the risks and so even they, with their highly technical skills, do not do any form of online banking.  That has to mean something when hackers refuse to do banking online!  Stay safe my friends.

Update November 3rd 4:00pm – You’re not going to believe this.  Click the picture to make it bigger and read below.

Here’s an example of an email I just got today from someone trying to pull this very scam on me that I talked about in this blog at 9am this morning.  Maybe it’s a coincidence, maybe I’ve been targeted after writing about it, but either way, I was able to trace the IP address it came from to the host provider, which then traces it back to the individual customer of theirs, and then we can bust them for trying to hack my bank account.  If you hover over any link in an email you receive, you can see if it points to the same address or not.  You can see in the image here (click to make it bigger, then hit the back button on your browser to come back here) if you hover over the link for the legit site name, it says it’s going to some IP address instead.  Also, since I don’t recognize the name or the amount, and there is no email address for the guy that tells me who it is, plus the fact that my Outlook program identified it as a potential phishing scam at the top, it makes it clear to me it is a scam.  So obviously I didn’t click the link.  What I did do is a reverse lookup on the IP address, determined it was a customer from and I reported it to the abuse email they have and we’ll see about next steps from there.  This is no different from email you get claiming to be from your bank and asking you to click a link.  I always said, your bank would never send you an email, so just don’t click on any links.  With this new service to email money transfer, apparently it is safe, but you still need to be careful that you know who it is from, and that it truly came from them, otherwise you could be clicking on a scam like what I got.

As an Ex-Law Enforcement officer, I’m here to bust these people. Saving the world from cyber crime, one criminal at a time…