Archive for May 14, 2022

WARNING: A Text Message #SCAM Involving The CRA Is Making The Rounds

Posted in Commentary with tags on May 14, 2022 by itnerd

Another day, another scam. This one involves the CRA or Canada Revenue Agency. It is delivered via text message and looks like this when it hits your phone:

I left the phone number in place so that you can compare it to this screenshot if you get a text like this. Some comments about this text:

  • The CRA will never contact you in this manner. For more details about how the CRA might contact you, this link will help you with that.
  • I replied HELP and a web link immediately appeared. That implies that this is an automated scam and suggests a high degree of skill from the scammers.
  • The phone number originates from Central Michigan based on the 989 area code. Which should make you think that this is a scam.

If you click on the web link, you see this:

There was actually a captcha present. I am guessing that this is here to add to the impression that this website is legit. Another sign that these scammers have some skill. Next up is this:

You’re prompted for your social insurance number. And the website that you’re sent to looks very much like the actual CRA website. Thus I can see how people might be fooled by this. But if you look at the URL at the top of screen, it’s clearly not a Government of Canada web site. Here’s a closer look:

This is clearly a scam based on this URL. But I wanted to dig into this more, so I entered a bogus number that was nine digits in length. That’s important as social insurance numbers are nine digits long and this is what I got:

The spinning wheel that you see here is the same behaviour as the actual CRA website. Again, this suggests a high level of skill from the scammers. Though I do note that it doesn’t seem that they are validating the number that is entered. That implies that grabbing social insurance numbers is not the scammers end game.

You are then take to this page:

Clearly this is the end game for the scammer which is to steal your banking details. I picked my bank which is CIBC and got this:

Another sign that this scam is run by people who have a high degree of skill is that this website looks just like the CIBC website. Though that falls down a bit because the URL at the top has not changed. You would think that it would go to something with “CIBC” in it. But it doesn’t. #FAIL.

The skill of the scammers is highlighted by this when I tried to enter a bogus card number:

This website actually checks for the validity of the card number. I have to give it to whomever who is behind this scam. Unlike most of these scams where they don’t do any of this, these guys are trying to get accurate info so that they don’t waste their time capturing bogus card numbers and passwords. That way they are more likely to score in terms of being able to drain bank accounts. If they also get a valid social insurance number, that’s a bonus.

Because of this, I wasn’t able to go any further to investigate this scam. But it shows that these scams are getting better and better. Which means that you need to really have to have your head in the right place to avoid getting scammed. Thus consider yourself warned.