On The Hook For $174K Fraud Loss ! :-( | Your stories | Discussion forum

What was not said in the linked article is the victim could have gotten key logger malware planted on their system. It is a hugely easy way for every User ID and Password to be logged and seems likely in this case since 2 financial accounts with different passwords were hacked as well as email.

Multi-factor authentication should catch such attempts because the point of 2FA is to warn (issue a notification) when a password is changed, new Bill Payee added, etc. Folks are not being diligent enough employing the security measures available to them.

Bill said
Interesting to me that both involved credit unions instead of banks.

AltaRed, I have no idea how this stuff works but it says someone took control of their computer, so if it was the malware you suggest why wouldn't the fraudster just log in to their accounts using his (fraudster's) own computer instead?  

To avoid his/her own IP address being tracked back to their personal device location?

This reminds me of a 'murder' program (actual case) where the criminal used a public library computer rather than their own to communicate....but forgot the public library had security cameras and the police were able to tie the camera footage to the date and time of communications.

AltaRed said
To avoid his/her own IP address being tracked back to their personal device location?

Also, because accessing customer account from IP address already known to the bank (from customer computer) will get much less scrutiny from the bank security systems.

Pythagoras said
Why do people keep so much liquid cash in their accounts?

I have most of my funds tied up in GICs - does that offer some protection?  

I have no idea either, and yes, GICs themselves would provide protection because GICs are non-transferable and non-redeemable in most forms.

And to posts # 5 and #6, I agree fully.

Alexandre said

1. They didn't. In one case, victim had less than $10 in their account.

2. GICs don't offer much protection in scheme used by fraudsters. Fraudsters deposited almost $300K in fraudulent cheques to victim's account. FI for some reason cleared these cheques. Fraudsters transferred these funds elsewhere. FI recovered some of these funds later. Victim is liable for the difference.  

I see. Thanks for that!

But what I still don't understand - don't all banks place a 5-10 day hold on deposits? If Steinbach cleared the cheques before they were supposed to, then aren't they at fault?

Even if the funds were on hold for the 10 days, and Steinbach cleared the cheques after the 10 days, aren't they still at fault?

If someone deposits a cheque into my account without my knowledge, and Steinbach clears that cheque, why should I be responsible?

AR said
Wealthsimple is the only financial I have that sends notification for every single transaction.   

Every bank I deal with allows the customer to set a variety of notifications at levels they wish, both for bank accounts and credit cards.

AR said
Wealthsimple also uses Flinks/Plaid to link bank accounts.

Not mandatory.

I recently joined and was unable to link my RBC account with fLinks.
I was able to do so manually. I actually prefer it that way.

This reminds me to close accounts I am not using. Having accounts with $10 balances carries outsized risks.

I don't understand how a fraudulent cheque can clear, isn't the purpose of the holding period to ensure that the cheque is legit? I don't think the victim in this case should be held liable even if her computer was hacked.

itsme said
I don't understand how a fraudulent cheque can clear, isn't the purpose of the holding period to ensure that the cheque is legit? I don't think the victim in this case should be held liable even if her computer was hacked.  

I agree. If a bank clears a fraudulent cheque that was deposited in the account without the owner's knowledge, the responsibility lies with the bank, not the account owner.