Oh Look… A Revenue Canada Email #Scam Is Making The Rounds… Let’s Dive In And See What It’s All About

I swear, there more scams these days than Elvis impersonators in Vegas. This time it’s Revenue Canada who is being used in a scam. And that scam starts with this email:

Now right off the top, this email caught the attention of Apple Mail that told me that it was from a mailing list. That’s a major red flag as emails from Interac would be directly addressed to you. So I new it was as scam without having to click on anything. But I did my usual due diligence and checked the email address of the person who sent this:

Interac sends transfers from notify@payments.interac.ca. So this further validates that this is a scam. But in the interest of seeing what the scammers were up to, I clicked the “Choose your financial institution” button. Which by the way you should never do after looking at the grammar and spotting the mix of French and English, and the word “october” which doesn’t have a capital. Seriously, scammers really need to use an app like Grammarly if they don’t want their scam emails deleted the second that they hit an inbox because the writing is so poor.

In any case, here’s what I got:

Ahhhh… The old banking credential phishing scam. That involves choosing your bank, typing in your credentials, and getting pwned. Then you bank account empties. And there’s lots of choice here including banks that I don’t normally see as part of this type of scam. Someone has been busy. But they really didn’t put a whole lot of time into this scam based on this:

This isn’t even close to how the actual CIBC web page looks. I’ve seen other scams where the scammer tried way harder than this to replicate the web page to fool the unsuspecting into typing in their card number and password which will allow them pwn you. Thus this will likely tip most people off that this is a scam. And the fact that I am putting this story out there will likely inform the rest to not fall for such a poorly executed scam by someone who clearly has no skills. But they did do something interesting:

The website acts like you’re going get a validation code on your phone. But you’re never going to receive it because you have just been pwned. Interesting.

So what’s the bottom line? I am guessing that because the Federal Government announced a number of new programs today including a GST credit, this scam was timed to take advantage of that. Thus if you get an email like this, delete it and move on with your life.

Leave a Reply

%d bloggers like this: