Skip to content
  1. Home
  2. Police Beat

Police warn of new variations of bank investigator scam

Fraudsters impersonating representatives of financial institutions
MidlandToday Staff
10242023debit
Stock photoPhoto by Pixabay via Pexels

Southern Georgian Bay OPP and the Canadian Anti-Fraud Centre (CAFC) are warning people about a new variation of the bank investigator scam.

Police say fraudsters are impersonating representatives of financial institutions and claiming the victims’ bank accounts have been compromised.

“Fraudsters will convince victims that in order to protect their account until a new debit card is issued, the victim must send an Interac e-transfer transaction to their own cellphone number,” police said in a news release. “The suspect will instruct the victim on the steps required to add themselves as a payee and to increase their daily Interac e-transfer limit to $10,000. (Note that the maximum amount that a sender may send through the Interac e-transfer network may vary depending on the sender’s financial institution. Interac will automatically refuse to complete any payment by a sender above the limit established by the financial institution.)”

The fraudster provides the e-transfer question and answer, which the victim must use for the transfer. Once the victim sends the e-transfer transaction to their own cellphone number, they will be asked for a code, which is the last portion of the e-transfer URL/link they received. If the victim provides the URL, the fraudster will be able to deposit the funds into their own account.

“In some cases, suspects are able to provide some of the victim’s personal information, which might include name, date of birth, phone number, address and debit card number, to make the call seem legitimate,” police said. “Additionally, suspects are spoofing financial institution phone numbers or are providing fraudulent call-back phone numbers, which impersonate the financial institution.”

Other variations of the bank investigator scam:

  1. Victims receive an automated phone call claiming to be their financial institution, law enforcement or, in some cases, Amazon advising there have been fraudulent transactions in their account. Fraudsters will request access to the victims’ computers to continue the “investigation.” Victims are then shown a fraudulent transaction on their online bank accounts. The suspects state they want the victims’ help in an ongoing “investigation” against the criminals who stole their money and request the victims send funds as part of the so-called investigation.

In some cases, fraudsters will add the victim as a “payee” with a fraudulent email address and advise that the victim must transfer a large amount of money in order to protect their account. The fraudsters will convince the victim they have added funds to the victim’s account, but the funds were actually transferred from their line of credit or savings account.

  1. Suspects may have the victims’ debit card numbers and passwords but cannot access their account due to multi-factor authentication protection. Suspects then contact the victims claiming to be their financial institutions and will tell them they must provide a code they receive via text message or email to confirm their identity. The code the victim provides is the multi-factor authentication code that gives the suspects full access to their bank account.

Police provided the following tips:

  • Criminals use call-spoofing to mislead victims. Do not assume that phone numbers appearing on your call display are accurate.
  • If you get an incoming call claiming to be from your financial institution, advise the caller that you will call them back. End the call and dial the number on the back of your bank debit card from a different phone if possible or wait 10 minutes before making the outgoing call.
  • Never provide details of links or URLs received via text message or email to fraudsters.
  • Don’t share codes received via text message or email with anyone. In most cases, these are multi-factor authentication codes that will give fraudsters access to your account.
  • Fraudsters will often provide the first four to six numbers of your debit or credit card. Remember that these numbers are used to identify the card issuer and are known as the bank identifier number (BIN). Most debit and credit card numbers issued by specific financial institutions begin with the same four to six numbers.
  • If your personal information has been compromised in the past through a breach or a phishing message, remember that the information can be used as a tool to make the communication appear legitimate.
  • Never provide remote access to your computer.
  • Financial institutions or online merchants will never request transferring funds to an external account for security reasons.
  • Financial institutions or police will never request you to turn over your bank card or attend your residence to pick up your bank card.
  • Enabling auto-deposits for Interac e-transfers provides an additional layer of security.

Anyone who suspects they have been the victim of cybercrime or fraud is urged to report it to police, and to the CAFC by calling 1-888-495-8501 or visiting antifraudcentre-centreantifraude.ca/report-signalez-eng.htm.