Phishing & Spoofing Alerts - Please Do Not Link Directly

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
marty123
Veteran Contributor
Veteran Contributor
Posts: 2950
Joined: 23 Feb 2007 13:36
Location: Ontario

Post by marty123 »

Shakespeare wrote:Don't know about anyone else, but I just got an "Rbc Sercurity [sic] Update." from the so-called "RBC Sercurity Team".
Don't worry, they caught the guy who sent it..
User avatar
Shakespeare
Veteran Contributor
Veteran Contributor
Posts: 23396
Joined: 15 Feb 2005 23:25
Location: Calgary, AB

Post by Shakespeare »

I always get a giggle out of being asked to confirm info on an account I don't have:
Dear Valued Customer :

We recently have determined that different computers have logged in your Bank of America Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by April 11, 2009, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you.

To restore your account, please Sign in to Online Banking[Link removed].
Sic transit gloria mundi. Tuesday is usually worse. - Robert A. Heinlein, Starman Jones
User avatar
parvus
Veteran Contributor
Veteran Contributor
Posts: 10014
Joined: 20 Feb 2005 16:09
Location: Waiting for the real estate meltdown on Rua Açores.

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by parvus »

Tonight I got a call, this time from Rachel. She told me that I was all paid up on my credit cards, but I could get premium loans on my credit cards at 6.9%. Many times I've wanted the pseudo-attractively voiced Rachel to tell me why she is coming out of nowhere to offer money that I don't need at rates that no one sane would pay. Since Rachel is simply a bot, I decided to linger on the line.

I got Rachel's flesh-and-blood counterpart. Let's call him Rick.

What country are you calling me from?

Rick/Rachel: The U.S.

Don't you know it's illegal to be calling me?

Rick/Rachel: Um.

How do you know about my credit card information? That's illegal too.

Rick/Rachel: We get it from Transunion and Equifax.

You know that's illegal.


Rick/Rachel: We'll take you off our list.


Yabbut:

1) This sort of interchange is supposed to be off limits, by virtue of the do-not-call registry.

2) I share information with my bank, according to PIPEDA. It is not supposed to be released to third parties.

3) Equifax and Transunion are apparently the third parties (or fourth ones :evil: ), peddling information they are unauthorized to share to lenders who have little money to spare to borrowers who have no capacity to pay, thus leading to mutual credit destruction.

4) Why aren't Equifax and Transunion registered and regulated?
Wovon man nicht sprechen kann, darüber muß man schweigen — a wit
Imagefiniki, the Canadian financial wiki Your go-to guide for financial basics
Image
marty123
Veteran Contributor
Veteran Contributor
Posts: 2950
Joined: 23 Feb 2007 13:36
Location: Ontario

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by marty123 »

parvus wrote:2) I share information with my bank, according to PIPEDA. It is not supposed to be released to third parties.
Under PIPEDA, the banks are required to inform you what they collect and to whom they give the info. They told you that on the credit app, and you agreed to it. It was in the fine print :cry:
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by Bylo Selhi »

parvus wrote:4) Why aren't Equifax and Transunion registered and regulated?
Ask your MP :twisted:
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
parvus
Veteran Contributor
Veteran Contributor
Posts: 10014
Joined: 20 Feb 2005 16:09
Location: Waiting for the real estate meltdown on Rua Açores.

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by parvus »

Bylo Selhi wrote:
parvus wrote:4) Why aren't Equifax and Transunion registered and regulated?
Ask your MP :twisted:
I was thinking of that, since, despite at least two phone conversations, the MBNA folks don't seem to get the message. Arsenal of idiocy &c.

I've actually been asked to go further, to escalate it to the finance department. I may do that.
marty123 wrote:Under PIPEDA, the banks are required to inform you what they collect and to whom they give the info. They told you that on the credit app, and you agreed to it. It was in the fine print :cry:
Thanks marty. I'm not sure how many boring lawyers' sessions I've sat through that consisted of a simple recitation of the elements of PIPEDA. And of course, the banks got around that with a blanket sign-off -- for their subsidiaries and affiliates. But I don't recollect anything in the fine print that explicitly mentioned Transunion or Equifax. This could get interesting. :wink:
Wovon man nicht sprechen kann, darüber muß man schweigen — a wit
Imagefiniki, the Canadian financial wiki Your go-to guide for financial basics
Image
marty123
Veteran Contributor
Veteran Contributor
Posts: 2950
Joined: 23 Feb 2007 13:36
Location: Ontario

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by marty123 »

parvus wrote:
marty123 wrote:Under PIPEDA, the banks are required to inform you what they collect and to whom they give the info. They told you that on the credit app, and you agreed to it. It was in the fine print :cry:
Thanks marty. I'm not sure how many boring lawyers' sessions I've sat through that consisted of a simple recitation of the elements of PIPEDA. And of course, the banks got around that with a blanket sign-off -- for their subsidiaries and affiliates. But I don't recollect anything in the fine print that explicitly mentioned Transunion or Equifax. This could get interesting. :wink:
All banks have wording such as below in their agreements...
TD, in their Cardholder Agreement wrote:At the time you begin a relationship with us and during the course of our relationship, we may collect Information including: details about you and your background, including your name, address, date of birth, occupation and other identification, all of which are required under law; records that reflect your business dealings with and through us; and your financial preferences and activities. This Information may be collected from you and from sources outside our organization.

...

We may from time to time disclose your Information to other lenders and credit reporting agencies seeking such Information, which helps establish your credit history and supports the credit granting and processing functions in general. If you have a Visa Account or other credit product with us, you may not withdraw your credit consent.
and there are also tid-bits about the bank's rights here and there, like the a worst-case-we've-got-you-by-the-balls when we wrote: Transfer of Rights: We may transfer, sell or otherwise assign all of our rights under this Agreement. If we do so, we may disclose information about you and the account to anyone to whom we assign our rights.
Once you've put the 10-page agreement together, you can pretty much summarize the PIPEDA policy in a single sentence: "We'll collect whatever info we want, give it to whoever we feel like, and you can't stop us ... even after our relationship ends"
User avatar
parvus
Veteran Contributor
Veteran Contributor
Posts: 10014
Joined: 20 Feb 2005 16:09
Location: Waiting for the real estate meltdown on Rua Açores.

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by parvus »

To close the loop: Visa/Mastercard (cards that were provided through my bankers) collected my payment information, filed it with Equifax & Transunion, who promptly sold it to MBNA (or so it appears) to solicit me, via telephone-bot messages, purporting to know my recent credit history (not especially sexy since I pay the cards in full and on time). We're into fourth parties here. This is a bigger issue than you may think.

I'm trying to figure out how to make it bigger. :wink:
Wovon man nicht sprechen kann, darüber muß man schweigen — a wit
Imagefiniki, the Canadian financial wiki Your go-to guide for financial basics
Image
User avatar
newguy
Veteran Contributor
Veteran Contributor
Posts: 8088
Joined: 10 May 2009 18:24
Location: Montreal

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by newguy »

One thing that bothered me.. well here's the story.
My gf. goes into Loblaws and a guy asks her if she wants a free grocery bag (part of the whole 5¢ thing). She says ok and offers her name. He asks "do you live at xxx", she says "yes". He prints out a paper from the computer and gets her to sign. A few days later she gets a new PC credit card in the mail. :evil:

newguy
User avatar
scomac
Veteran Contributor
Veteran Contributor
Posts: 7788
Joined: 19 Feb 2005 09:47
Location: The Gateway to Wine Country

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by scomac »

Number 1 son just received a phishing spoof e-mail purportedly from TD Canada Trust asking for verification of account details. He has no such account(s) with them. I had noticed that CIBC posted a phishing alert last week with examples of spoof messages.
"On what principle is it, that when we see nothing but improvement behind us, we are to expect nothing but deterioration before us?"
Thomas Babington Macaulay in 1830
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by Bylo Selhi »

scomac wrote:Number 1 son just received a phishing spoof e-mail purportedly from TD Canada Trust...
We get them routinely from (purportedly) all big-5 banks even though we have no relationship with most of them. It makes sense, in a weird, statistical sort of way.

Assume that each of the big-5 have about 20% market share and that many Canadians do business with more than just one of them. An e-mail blast to all addresses with domains registered in Canada is going to reach someone who really does have an account at the spoofed institution about 20% to 25% of the time. When you're blasting out millions of e-mails at a cost of essentially zero, those are probably considered good odds.

Bottom line:
1. If you get an e-mail from a financial institution with which you have no business, delete it (or flag it as spam/junk.)
2. If you get an e-mail from a financial institution with which you do have business assume it's a phishing attack. If you think it might be legit, then use your own bookmark, rather than any links in the e-mail, to login to your account (or type in the URL manually.)

BTW, TD/CT announced yesterday, "the EasyWeb URL will be changing to 'easyweb.td.com'." Presumably that's intended to thwart phishers by making it easier to remember and to type the correct URL to the legitimate website.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by IdOp »

I had a really funny big-bank phish email recently. Most of these kinds of spam you can tell just by looking at them that they're fake. This one purporting to be from TD Canada Trust, though, was very well done (for the most part), it looked professionally written, it mentioned EasyWeb security, and they'd even bothered to spoof the sender address to something that looked like it came from TD.

Apart from the inevitable link to a bogus site however, there was one obvious fatal flaw. At the very top of the email the title said "SCOTIABANK". Too funny :rofl:
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33398
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by AltaRed »

Another example of 'how dumb can one get' that just arrived in my email.. (addressed to Webmaster no less)
RE: NOTIFICATION OF EMAIL AWARD

We are pleased to inform you of your email selection in the Electronic Promotion Draws. By random selection your email earned the grand reward from the electronic draws program.

This is a reward program for the patronage of internet services and all email addresses entered for this promotional draws were randomly selectedfrom an internet resource database of registered software and domain users.

Reference Number: HMA-1313
e-ticket number: A17-0049018
Amount: 2,500,000.00 (Two Million, Five Hundred Thousand Dollars)

You should establish contact with the Enquiry Officer using the details stated below:
Contact: Mr. David Webber
Phone: +31 626 453 477
Email: [nl based address removed]

You are required to directly contact Mr. Webber and furnish him with the following information:
Name:....... Address:........ Phone/Fax:....., Cell Phone:......,Email:....., Alternative Email:...., Occupation:...., and E-ticket number:

NOTE: It's important you initiate correspondence with Mr. Lewis within 14 days of receiving this notification.

Congratulations!!!!!!!

Esther Redding
Promotions Co-ordinator
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
ig17
Veteran Contributor
Veteran Contributor
Posts: 3418
Joined: 21 Feb 2005 20:54

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by ig17 »

Received this lovely email today. The link in the body of email looks like a genuine BMO url. When I mouse over the link, I can see in the browser status bar that it points to a phishing site.

I never had any business with BMO.
From: Bmo Financial Group <onlinesecurity@bmo.com>
To: XXXX
Sent: Wed, January 12, 2011 6:02:43 PM
Subject: Confirm Your Account Information

Dear BMO Online Banking Customer:
Online Banking Users!
This message is to confirm that your online access have been suspended due to billing error.
We will review the activity on your account with you and upon verification, we will remove any retrictions placed on your account
We hope you enjoy the ease and convenience you'll get with the ability to manage your accounts from almost anywhere you are.

To access and activate your account, simply click the link below.

[LINK REMOVED]

The entire activation should take only 5 minutes of your time. Please complete the activation by now
Sincerely,
Thank you for being a valued customer
Online Banking Team
xerxes
Contributor
Contributor
Posts: 229
Joined: 19 Feb 2005 13:47

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by xerxes »

Had a call to-day from somebody who claimed to be with Microsoft, he claimed we were having problems and wanted me to go into Microsoft and give him information.
I hung up.
User avatar
amphitryon
Contributor
Contributor
Posts: 497
Joined: 27 Mar 2005 21:34
Location: Toronto

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by amphitryon »

Just in this week:

-------- Original Message --------
Subject: [-TD Canada Trusts Alerts-]
Date: 31 Jan 2011 16:28:55 -0600
From: alerts.online3.TD@xxxxxxxxxxxxx
To: <xxxxxxxxxxxxxxxxxxxxxxxxx>


(This e-mail has been sent to you by TD Canada Trust )

Dear xxxxxxxxxxxxxxxxxxxxxxxxx (my e-mail address)

Your account security is our major concern, therefore we have currently suspended your account activities until when it can be securely restored.

REASON: Multiple Sign in errors recorded in your account.

Click here to restore your account details ( xxxxxxxxxxxxxxxxx )/(my e-mail address)


Failure to confirm your records in 24 hours may result in permanent account suspension.

Regards,
TD Canada Trust security team

© Copyright 2011 TD Canada Trust - All rights reserved.


Trouble is, I have never dealt with TD. Last week it was BMO. I wonder what the cause is - did my e-mail address show up someplace it should not have? These were the first attempts in the last three years or so.
I do report and FWD the original mail to info@antifraudcentre.ca and hope they use it.
homo sum, humani nihil a me alienum puto
User avatar
Arby
Veteran Contributor
Veteran Contributor
Posts: 3125
Joined: 20 Feb 2005 19:23
Location: Ottawa, ON

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by Arby »

The following is one of the better phishing emails I've received. The links within the email contain the correct URL for RBC as part of the link, but the RBC URL is preceded by a numeric IP address which goes to a web site in Indonesia.
Attachments
Clipboard01.jpg
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Phishing & Spoofing Alerts Plus Logins

Post by kcowan »

Yahoo breach puts users of other sites at risk
Apparently all info on Yahoo has been exposed!
Yahoo Inc reported the theft of some 400,000 user names and passwords to access websites including its own, saying that hackers had taken advantage of a security vulnerability in its computer systems.
God when can we trust any of these guys...
For the fun of it...Keith
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by IdOp »

I think it's the pace of web development in general. It's usually full-glitz ahead, damn the torpedoes, don't let anything mature until we get it right.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by Bylo Selhi »

Spoofing of a different kind, aka "social engineering" claims another victim. Strong Passwords Aren't Enough: How to to Ensure the Apple and Amazon Exploit Never Happens to You
This weekend, former Gizmodo writer Mat Honan lived every tech geeks worst nightmare: he got hacked, with all his accounts compromised and his computers wiped with no backup. The scary part: No "real" hacking was involved—all it took was a few support calls to Apple and Amazon and nearly all his most important accounts were compromised. Here's everything you need to do now to keep this from happening to you.
Actually there's one more thing you need to do: you need to do what they suggest you do now not only now but regularly. (Oh and don't leave home without your tin foil hat.)

From one of the linked articles:
What happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
gildalil
Contributor
Contributor
Posts: 19
Joined: 12 Oct 2006 19:55
Location: C.Bay BC

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by gildalil »

“Strong Passwords Aren't Enough “

Seldom do I hear “don't leave credit card info in online accounts”. Although one would think it was an adjunct of “don't give out credit card information”, I think many online shoppers, myself included, assume their info is secure.

On occasional online shopping at Amazon and Ebay, I have sent items to an address other than my own, often to a US address to save on outrageous shipping fees or a gift to my offspring's address. 

About a year ago, I logged on to Amazon, to find a 3rd recipient address in India listed. I immediately removed the India address and changed the password. 
The saving grace was that I did not have a credit card listed in the account. Now I immediately remove credit card info immediately after the transaction goes thru.

Can't do that with Paypal as they require a "verified" card (which includes a time delay), which in my case is an old card I have since cancelled. So far Paypal accepts my new card for payment, which I then delete, although I may run into difficulty when expiry date on the verified card is reached. I may then have to use a $500 limit card as the verified card.
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by IdOp »

CRTC fines India telemarketers, puts foreign operators `on notice'
Telemarketers [sic] from India who called Canadians and offered them virus protection for their computers have been fined by the country's telecommunications regulator as part of an international effort to put an end to a scam that has seen many people hand over control of their computers.
(This topic was recently discussed in another thread, but I think this link fits better here.)
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Phishing & Spoofing Alerts - TD EasyWeb

Post by kcowan »

I had a bad experience with TD EasyWeb last week. Here is an excerpt from a letter to their CEO:
Excerpt wrote: But this week I became disgusted with your Fraud Detection Unit and wanted you to be aware of how your service looked from my perspective. I have 2 business partners in a joint venture. There was a cash call which they handled but then I had to reimburse them. On Wednesday October 17th, I initiated an Internet email transfer for $NNNN to one of the partners. I was aware of daily limits but when I tried to send the next transfer of $NNNN the following day, I was advised to call the bank. I did so and was told that the $3000 limit applies for 24 hours. So I waited until 24 hours had passed and initiated the second transfer successfully on Oct 18th.

I advised partners and they tried to complete the transfer without success. Two hours later I received a telephone call from an Unkown Name/Unkown Number. Because of phone solicitations, I let the answering machine pick up. Then the caller blathered on it rapid fire about this being the TD fraud detection unit. So I picked up and I asked him to repeat the information and discovered it was a robocall. I never talk to people calling claiming to be with my bank. I always call back.

So I called TD and asked to be connected to their fraud squad. The lady who answered insisted on the case number. I explained the situation regarding our call screening process and that I did not remember the number quoted. She said she could do nothing more and that I would have to go to my branch. I asked her to just call my number again because I was here and would answer. She was totally inflexible.

So I have visited the branch because my online access was suspended. Got everything sorted out. So far I have spent over 90 minutes on this issue and my partner has also wasted 60 minutes without getting the transfer of funds...
It is still going on, not yet resolved...and a reason why my participation as a Regent was hit and miss.
For the fun of it...Keith
tedster
Veteran Contributor
Veteran Contributor
Posts: 8515
Joined: 27 Feb 2005 10:11
Location: Montreal

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by tedster »

I think I got a new one today. It tells me that Gregg Cox wants to refund me $253.57 for Invoice 174. All I have to do is log into my Intuit Payment Network. Of course I do not have one. They will pay my credit card or bank. :rofl: Really conveniently they have provided me with a link. I suppose some people fall for this?

I regularly get phishing emails for banks which I send to the banks, nothing stops.
User avatar
parvus
Veteran Contributor
Veteran Contributor
Posts: 10014
Joined: 20 Feb 2005 16:09
Location: Waiting for the real estate meltdown on Rua Açores.

Re: Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by parvus »

IdOp wrote:CRTC fines India telemarketers, puts foreign operators `on notice'
Telemarketers [sic] from India who called Canadians and offered them virus protection for their computers have been fined by the country's telecommunications regulator as part of an international effort to put an end to a scam that has seen many people hand over control of their computers.
(This topic was recently discussed in another thread, but I think this link fits better here.)
Apparently the Indian fraud has become so familiar in Canada that Subaru marketers are taking advantage of it, having their spokespeople speak back to the Indian telemarketers to offer a deal on a car ... and saying shall I call you back at a more convenient time, like suppertime.

Quite funny!
Wovon man nicht sprechen kann, darüber muß man schweigen — a wit
Imagefiniki, the Canadian financial wiki Your go-to guide for financial basics
Image
Post Reply