A phishing campaign targeting National Bank of Canada (Banque Nationale) clients uses fake “Interac e-Transfer” notifications to steal login credentials, security questions, and OTPs. The fraudulent pages, often mimicking the official BNC portal, are designed to capture data from users in Canada and Quebec. To protect against this threat, users are advised to enable Interac Autodeposit and verify the URL for signs of a scam.
Target: Customers of National Bank of Canada (Banque Nationale du Canada)
Threat Level: Critical (Banking Access & Funds Theft)
Phishing Method Description
This attack leverages the popularity of Interac e-Transfer in Canada. Scammers send a text message (SMS) or email stating that a “Refund,” “Government Rebate,” or “Payment” is waiting to be deposited.
The link leads to a sophisticated Brand Impersonation page that mimics the National Bankโs “Telnat” or “EasyPay” login interface. The fake site is designed to capture:
Access ID / Username
Password / Secret Question Answers
Direct Deposit Information
Card Number and Expiration Date
โ ๏ธ Red Flags to Watch For
Lookalike URL: The official domain is nbc.ca (or bnc.ca). Phishing sites use deceptive addresses like nbc-verification-login.com, nbc-interac.online, or client-bnc.net.
Unexpected Money: Be suspicious of any notification for an e-transfer you weren’t expecting. If you didn’t sell anything or aren’t expecting a specific rebate, itโs likely a scam.
The “Deposit” Trap: Real Interac e-Transfers allow you to choose your bank from a list. Phishing pages often take you directly to a pre-selected fake login page for one specific bank.
๐ก๏ธ How to Protect Yourself
Set Up Autodeposit: This is the best defense. If you have Interac Autodeposit enabled, any legitimate transfer will go straight into your account without you needing to click any links or answer security questions.
The SMS Sender Check: Official alerts from National Bank usually come from short codes, not standard 10-digit mobile numbers. If the sender looks like a personal cell phone, delete the message.
Access via Official App: If you receive a notification, don’t click the link. Open your official National Bank (BNC) mobile app directly to check for any pending transfers or messages.
Report Phishing: You can forward suspicious SMS messages to the short code 7726 (SPAM) to help carriers block the sender.