CAFT website spoofing
Late on October 31st, 2023 we were advised by our payments partner that a Customer Automated Funds Transfer (CAFT) spoof website was discovered, which has the potential to put our members at risk of fraud if they clicked the fraudulent link. In an abundance of caution, we took immediate action to lock all CAFT accounts.
Steps to take
- If you have not yet called us on or after November 1st to reset your password, you will need to do so in order to access the CAFT account.
- Once logged in, we encourage you to review your recent transaction history. If anything looks suspicious, contact us right away.
Additional details
- Website spoofing is when attackers set up a fraudulent website that looks nearly identical to a legitimate one to exploit users. Their goal is to redirect unsuspecting users to this spoofed website to capture their credentials, payment, or other personally identifiable information.
- Attackers will usually redirect traffic through email or text messages posing as a legitimate business, or by posting malicious advertisements on search engines. These messages contain links to the spoofed site.
- In this case, the spoofed site has the following URL caft-paymentsanytime.com. The legitimate CAFT site address is caft.paymentsanytime.com. Please note the key difference in the spoof site is the use of a "dash" between CAFT and payments (caft-payments). If a CAFT user logs into the spoof site, user ID and passwords may be compromised.
Recommendations to protect yourself
- Update your password regularly: A good practice is to update every 3 to 6 months. Do this for all users who have access to your originator
- Use a strong password: Create a unique and complex password with a mix of uppercase and lowercase letters, numbers, and avoid using easily guessable information like your name, birthdate, or common words
- Pay critical attention to URLs: Beyond the one spoof site, others may exist! Ensure you are using the correct URL: caft.paymentsanytime.com
- Never communicate or keep a copy of your CAFT User ID and password in your email account: A common way of gaining illegitimate access to a financial account is through the discovery of this kind of sensitive information within a compromised email account. Enable multi-factor authentication on your email account, if available: An example of MFA is when you must also enter a security code sent to your phone whenever you attempt to log in from a new device.
- Beware of phishing attempts: Be very cautious of unsolicited emails asking for your login credentials. Double-check the sender's email address and look for suspicious links or attachments. Even if an email appears to be coming from a legitimate sender, if it involves changes to banking information, attempt to verify via another communication method (e.g., phone call)
- Log out of shared devices: Always log out of your accounts when using public or shared computers or devices. If possible, avoid using public wi-fi for sensitive activities
For more information contact us at 1.800.728.6440 or visit Cyber Security CAFT User Guide
FAQs
How will I know if I was impacted?
At this time, we are not seeing that the correct CAFT site has been compromised. Only CAFT users that logged into the spoofed site have potential for impact. The legitimate CAFT site is caft.paymentsanytime.com. If you suspect you may have fallen victim, we recommend changing your passwords immediately and contacting us for assistance.
What should I do if I see something suspicious in my account?
If you discover a suspicious file in your transaction history, please provide us with the details immediately.
Who is responsible?
At this time, there is no indication that this is a CAFT system vulnerability issue. Cybersecurity is a responsibility we all share. Website spoofing, as well as email and text message fraud, is becoming increasingly common and sophisticated. We make every effort to monitor and track suspicious websites and, when discovered, we take all necessary steps to protect our members.
For your part, we recommend you:
- change your passwords often, and use strong passwords
- operate with extreme caution before clicking any link sent to you by email or text
- check the URL in your browser before you login to any site, and check it every time, to ensure you are on the correct website.
- consider bookmarking sites so that you know you are going to the same site every time
When were you notified?
SCU was notified late on October 31st, 2023.
Why did you lock my account?
After discovering that the CAFT site had been spoofed, we made the decision to lock all CAFT users out of their accounts in an abundance of caution. This means all CAFT users will need to call and verify their identity before having their password reset. We felt this was an important and necessary step to protect our members.
If you not have yet called us on or after November 1st to reset your password, you will need to do so in order to access the CAFT account.
If you not have yet called us on or after November 1st to reset your password, you will need to do so in order to access the CAFT account.
Am I still at risk, even if I reset my password?
Resetting your password is the most important first step to protect yourself. Then, always be vigilant about not clicking links unless you can verify they are from a trusted source.
How can I ensure this won’t happen to me again in the future?
Follow good web practices, such as changing your password regularly, using strong passwords, and turn on multi-factor authentication. We also recommend taking the following actions:
• Activate features built into the CAFT system that help mitigate risk—such as establishing limits on transactions and file amounts and enabling dual authorization.
• Don’t click on a link that was provided in an unexpected email.
• Activate features built into the CAFT system that help mitigate risk—such as establishing limits on transactions and file amounts and enabling dual authorization.
• Don’t click on a link that was provided in an unexpected email.
How is SCU protecting members?
It’s important to note that SCU, and the CAFT system itself, were not comprised. That being said, we take member security and the protection of personal information seriously.
Our first step was to lock all CAFT accounts as a precautionary measure, and to require that members contact us to reset their passwords. This allows us to confirm each member’s identity before granting access.
Moving forward, we encourage members to protect themselves and we provide resources such as our Fraud Prevention Resource Centre and our Cyber Security CAFT user guide to share best practices and helpful tips our members can use.
Our first step was to lock all CAFT accounts as a precautionary measure, and to require that members contact us to reset their passwords. This allows us to confirm each member’s identity before granting access.
Moving forward, we encourage members to protect themselves and we provide resources such as our Fraud Prevention Resource Centre and our Cyber Security CAFT user guide to share best practices and helpful tips our members can use.
Will you update me when the spoof site has been taken down?
Unfortunately, hackers work diligently to create these spoof sites, and when one is successfully taken down, they immediately begin working on new ones. Having said that, we do make every effort to monitor and track suspicious websites and are committed to doing our part to protect our members.