Posted in Commentary with tags Scam on April 8, 2023 by itnerd
Yesterday I came across a new phishing email that targets customers of Desjardins which is a financial services group here in Canada. It starts with this email hitting your inbox:
So let’s dissect this a bit. There’s the usual hallmarks of a scam email which is that something that you might use is being disabled or restricted. And there’s a call to action to make you do what the scammers want you to do. In this case you need to act within 24 hours to avoid “full online suspension.” The quality of the English is sketchy, but not not the worst that I have seen in scam emails. However, the key thing that says that this is a scam is this:
This isn’t a Desjardins email address as Desjardins.com is how their emails addresses end.
So what is the scam? It’s a phishing scam to grab your banking credentials along with some other information. Let me illustrate:
If you click on “Verify Now” which by the way you should never ever do, you are presented with a CAPTCHA and the thing is, it works:
I actually spent some time playing with this and if you select anything other than the pictures that it wants you to pick, it won’t let you in. That suggests to me that someone spent a lot of time and effort to make this as convincing as possible. But if you’re paying attention to the URL, this should make you run in the other direction:
Clearly this isn’t a Desjardins website. And like I said, that should make you run in the other direction and close your browser. But since I spend my time writing about these scams, I am going further down the rabbit hole:
You’re next taken to a login page which has you enter your banking credentials. The threat actors behind this part didn’t even try to validate if the credentials are accurate. And you cannot change to English which implies that the threat actors couldn’t be bothered to create an English version of this page, or they are strictly targeting French speaking people as Desjardins is based in Quebec which is a French speaking part of Canada. Once you enter your credentials, you’re presented with this:
So not only do the threat actors want your banking credentials, but they seem to either want your security questions too, or they want to continue to make this phishing website as convincing as possible. The thing is that they don’t stop there:
The threat actors now want to grab your personal information. Perfect for an identity scam or two. But they’re not done yet:
They want to snag your debit or credit card too. I have to admit that the threat actors have put in a lot of work into this. While I wasn’t able to go beyond this point because the threat actors actually try to validate this information, I think you get the point. This is a decently executed phishing scam. But I’ll be informing Desjardins about this and hopefully they can shut this down. In the meantime, if you get this email in your inbox, delete it and move on with your life.
First, let me explain what Substack is. Substack is a website that lets independent writers and podcasters publish directly to their audience and get paid through subscriptions. And that apparently is some sort of threat to Elon Musk for reasons I will get to in a moment, because if you like, reply, or retweet to tweets that contain links to Substack posts, none of those will work:
After those reports surfaced, between Thursday night and Friday morning, Twitter apparently began to restrict promotion and visibility for tweets with links to Substack posts. New tweets linking directly to Substack.com can still be tweeted, but trying to retweet or like those tweets via Twitter’s website results in an error message saying, “Some actions on this Tweet have been disabled by Twitter,” while doing the same from within its apps or TweetDeck appears to work while failing silently.
Yep. Once again Elon hasn’t got the stones to compete straight up with anything Twitter competitor. Instead he just simply disables the ability to do Tweets with links to another company in the Tweet. What a loser he is. At some point, this sort of behaviour is going to come back to bite him. It’s a matter of when, not if that happens.
There Is A Desjardins Phishing Email #Scam That You Need To Be Aware Of
Posted in Commentary with tags Scam on April 8, 2023 by itnerdYesterday I came across a new phishing email that targets customers of Desjardins which is a financial services group here in Canada. It starts with this email hitting your inbox:
So let’s dissect this a bit. There’s the usual hallmarks of a scam email which is that something that you might use is being disabled or restricted. And there’s a call to action to make you do what the scammers want you to do. In this case you need to act within 24 hours to avoid “full online suspension.” The quality of the English is sketchy, but not not the worst that I have seen in scam emails. However, the key thing that says that this is a scam is this:
This isn’t a Desjardins email address as Desjardins.com is how their emails addresses end.
So what is the scam? It’s a phishing scam to grab your banking credentials along with some other information. Let me illustrate:
If you click on “Verify Now” which by the way you should never ever do, you are presented with a CAPTCHA and the thing is, it works:
I actually spent some time playing with this and if you select anything other than the pictures that it wants you to pick, it won’t let you in. That suggests to me that someone spent a lot of time and effort to make this as convincing as possible. But if you’re paying attention to the URL, this should make you run in the other direction:
Clearly this isn’t a Desjardins website. And like I said, that should make you run in the other direction and close your browser. But since I spend my time writing about these scams, I am going further down the rabbit hole:
You’re next taken to a login page which has you enter your banking credentials. The threat actors behind this part didn’t even try to validate if the credentials are accurate. And you cannot change to English which implies that the threat actors couldn’t be bothered to create an English version of this page, or they are strictly targeting French speaking people as Desjardins is based in Quebec which is a French speaking part of Canada. Once you enter your credentials, you’re presented with this:
So not only do the threat actors want your banking credentials, but they seem to either want your security questions too, or they want to continue to make this phishing website as convincing as possible. The thing is that they don’t stop there:
The threat actors now want to grab your personal information. Perfect for an identity scam or two. But they’re not done yet:
They want to snag your debit or credit card too. I have to admit that the threat actors have put in a lot of work into this. While I wasn’t able to go beyond this point because the threat actors actually try to validate this information, I think you get the point. This is a decently executed phishing scam. But I’ll be informing Desjardins about this and hopefully they can shut this down. In the meantime, if you get this email in your inbox, delete it and move on with your life.
2 Comments »