The IT Nerd

I haven’t been a customer of Canadian Telco Rogers for over a year. Thus when I got this email in my inbox, I was suspicious:

This email had me saying “this is a phishing email for sure.” And that was confirmed when I looked at the email address that it was sent from:

That’s not from rci.rogers.com which is Rogers corporate email domain. It isn’t even from rogers.com which is the email domain for Rogers Internet customers which should still ring alarm bells, but would at least be more likely to fool someone less tech savvy than I who gets this email. So, what’s the play here. Let’s find out by clicking the link which you should NEVER EVER DO:

After clicking the link, I was presented with this web page. If you look at the URL bar, this isn’t from Rogers as it doesn’t end in Rogers.com or something similar. It also has a clock at the bottom to get you to act on this “offer” if you want to call it that. You’ll also note that the website wants to send you notifications. If you’re presented with a prompt like this, you should decline to do so. I’ll show you why in a minute. What happens next is that it leads me through a survey. Here’s question 3 of 7 to illustrate this:

After you go through this nonsense, you get take to this site where you need to fill out your details:

Again, this isn’t a Rogers site. And again, you’ll note that there’s a prompt to show notifications. I put in some bogus info and got this page:

So, the endgame is that they want to get you to hand over your credit card details for a device that is supposed to be “free”. This form does validate that the credit card is active which illustrates a level of sophistication by the threat actors.

What about those requests to allow notifications? Well, seconds after I clicked allow, which again you should NEVER EVER DO, I got this:

Wow. A two for one. You get a credit card scam and a pop-up scam. I don’t see that every day. Clicking on the McAfee one got me this:

I also clicked on some of the other pop ups and got everything from gift card scams to investment scams. Clearly these threat actors are trying to get you in some way shape or form. And to add to this, all these scams go to different domains which prompt you to accept more notifications. Thus making your browser more and more of a dumpster fire. Fortunately for me, I reset my browser back to factory defaults to make all of this go away. But less savvy users may be unable to do so and fall for something or get frustrated.

The bottom line is that clearly there’s an aggressive threat actor using Rogers name to perpetrate a very aggressive scam. If you get this email, delete it and move on with your day. And I’ll be reporting this to Rogers so that they’re aware of this as well which won’t make the threat actors behind this too happy I’m sure.

This entry was posted on August 9, 2023 at 3:39 pm and is filed under Commentary with tags Rogers, Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.