Rogers Is The Target Of An Email #Scam…. And It’s Pretty Lame

I have to say that this phishing email which was brought to my attention by a reader of this blog is one of the worst phishing emails that I have even seen. This specific one is aimed at Rogers customers and here it is (click to enlarge):

Let’s dive in. It’s playing on the fact that Internet Explorer 8, or “the old version (IE) 8” is not supported anymore, and it’s trying to get you to upgrade your browser by logging into their phishing site using your Rogers ID. It tries to get you to do this by saying that you have 48 hours to do so. Otherwise your access to your account will be “restricted”. Creating a sense of urgency is a common tactic in phishing emails of this type.

Where this email falls off the credibility cliff is that it says this:

Protecting your information is important to us and we work continuously to strengthen our security against the threats targeting our Financial Institution.

Umm…. While Rogers does own a bank, this is targeted at their Internet users and not their bank customers. So it’s as if the rocket scientist behind this scam couldn’t decide what they were targeting, or they didn’t sweat the details.

But just for fun, I decided to go down the rabbit hole to see what their phishing website looks like. And here it is:

You’ll note that at the top, the URL or website address doesn’t go to Rogers. It goes to square.site. Which means someone set up a website on the Square platform to pull this scam off. Though the existence of this site may be short lived as I’ve informed Square about this and I suspect that it will be taken down shortly. The next thing that you’ll notice is that I entered some text in the email account and password section. Another hint that this is a scam is that the password is not not masked, as in you can see it in plain text which is not how passwords fields work. I suspect that this is the case because clearly the scammers behind this are too stupid to know how to do that. But just for fun, I pressed next and got this:

At this point you are pwned, and the scammers are going to take over your email along with whatever websites are associated with that email. Be it bank accounts, Amazon, whatever. The thing is, this is one of the most poorly executed phishing scams that I have seen in years. While I am sure that most people would never fall for this, there are some that will. However, the fact that I am publishing this will mean that even less will fall for it. And now that I’ve alerted both Rogers and Square about this, nobody will be falling for this. In the meantime if you get an email like this, delete it and move on with your life.

Hopefully you’ve learned something from this. Even though this scam is pretty lame, dissecting how this scam works will help you to avoid more “interesting” ones.

Leave a Reply

%d bloggers like this: