Yesterday I came across a new phishing email that targets customers of Desjardins which is a financial services group here in Canada. It starts with this email hitting your inbox:
So let’s dissect this a bit. There’s the usual hallmarks of a scam email which is that something that you might use is being disabled or restricted. And there’s a call to action to make you do what the scammers want you to do. In this case you need to act within 24 hours to avoid “full online suspension.” The quality of the English is sketchy, but not not the worst that I have seen in scam emails. However, the key thing that says that this is a scam is this:
This isn’t a Desjardins email address as Desjardins.com is how their emails addresses end.
So what is the scam? It’s a phishing scam to grab your banking credentials along with some other information. Let me illustrate:
If you click on “Verify Now” which by the way you should never ever do, you are presented with a CAPTCHA and the thing is, it works:
I actually spent some time playing with this and if you select anything other than the pictures that it wants you to pick, it won’t let you in. That suggests to me that someone spent a lot of time and effort to make this as convincing as possible. But if you’re paying attention to the URL, this should make you run in the other direction:
Clearly this isn’t a Desjardins website. And like I said, that should make you run in the other direction and close your browser. But since I spend my time writing about these scams, I am going further down the rabbit hole:
You’re next taken to a login page which has you enter your banking credentials. The threat actors behind this part didn’t even try to validate if the credentials are accurate. And you cannot change to English which implies that the threat actors couldn’t be bothered to create an English version of this page, or they are strictly targeting French speaking people as Desjardins is based in Quebec which is a French speaking part of Canada. Once you enter your credentials, you’re presented with this:
So not only do the threat actors want your banking credentials, but they seem to either want your security questions too, or they want to continue to make this phishing website as convincing as possible. The thing is that they don’t stop there:
The threat actors now want to grab your personal information. Perfect for an identity scam or two. But they’re not done yet:
They want to snag your debit or credit card too. I have to admit that the threat actors have put in a lot of work into this. While I wasn’t able to go beyond this point because the threat actors actually try to validate this information, I think you get the point. This is a decently executed phishing scam. But I’ll be informing Desjardins about this and hopefully they can shut this down. In the meantime, if you get this email in your inbox, delete it and move on with your life.