I Was Targeted In A Rogers Phone #Scam… And This One Is Pretty Scary

Earlier this week I told you about an email scam that was using the name of Canadian telco Rogers to make you more likely to fall for it. That scam was pretty bad. But on Friday, I came across an even worse scam that uses the Rogers name.

I got a phone call that had a caller ID of “Rogers” with an area code that started with “888” which is likely spoofed. Now my wife and I haven’t been with Rogers for just over a year, but I decided to pick up the call anyway. When I did a woman asked for my wife. That made sense because the Rogers account was under her name. I told the woman that I was her husband and she could speak to me. That’s when things got interesting. The woman told me that she was calling from “Rogers Customer Loyalty” and our Rogers account was selected as part of a promotion.

This is when I started to get suspicious. Like I said earlier, we haven’t been with Rogers for just over a year. So while I can see a scenario where Rogers might call us to try and get us back, there’s no department within Rogers called “Rogers Customer Loyalty” that would do that. Thus I was starting to think that this was a scam. Normally, this is where I would suggest that you hang up. But I wanted to confirm my suspicions, so I played along.

The woman then said that the promotion in question was that Rogers wanted to give us a free iPhone 14 Pro Max with a 35GB data plan for $50 a month. That really started the alarm bells ringing because Rogers to my knowledge never gives away free phones. Not only that, they don’t as far as I know have a 35GB data plan for $50 a month. Thus I was really thinking that this was a scam. Again, instead of hanging up, I played along.

First they wanted to confirm some information. And the information that they offered up was my wife’s email address and name. Then they wanted me to confirm the order by sending me a six digit verification code.

Ding! This confirms that this is a scam.

What the threat actors are up to are getting access to your Rogers account using your email address so that they can order an iPhone of some description, ship it to some location where this phone and every other phone from anyone who fell for this scam is then shipped to some other country for resale. Likely India given the fact that the person who called me had an Indian accent. The other possibility is that you do get the phone, but they they will call you on the day that you get it and say that they messed up and you need to send the phone back. They’ll email you a “return label” that simply sends the phone to a location from where they can forward the phone overseas. In either case, you get stiffed with the bill for the phone. The threat actors need the six digit verification code to get into your account because Rogers has moved to using using two factor authentication in order to stop threat actors from brute forcing their way into your account.

At this point I hung up, but here’s what concerned me. The threat actors clearly have acquired some accurate information that allows them to perpetrate the scam. It makes me wonder if Rogers had some sort of data breach where this information ended up in the hands of threat actors, or did they use a third party call centre who has a copy of this data and are now using this information for evil purposes? I don’t know for sure. But given that they called me with some very accurate information, the question has to be asked.

So if you get a call like this, what should you do? This is what I suggest:

  1. Hang up and call into Rogers using one of the phone numbers on the Rogers website. The person that you speak to will instantly be able to tell you if you have any offers on your account. Chances are that you don’t have any offers, or not ones that fit this description. Thus validating that this is a scam They may also put a fraud alert on your account for your protection. At the same time, you should also confirm that no changes have been made to your account.
  2. Never, ever give the threat actor the six digit verification code. They may say things to convince you that it’s okay to give them the verification code, but they are lying. No Rogers employee would ever ask for this code. Ever.

A suggestion that I have is that if you get a call like this, you should change the email address that your Rogers account uses. That way you can spot scams like this easier.

In my research for writing this story, I have not heard of a similar scam that targets Bell or TELUS customers. Nor any other telco in Canada. But a Reddit thread that I found seems to validate that I am not the only person who got a call like this. Thus this seems to be strictly targeted towards Rogers customers which adds some weight to the fact that the threat actors clearly have some information to allow them to target Rogers customers. Thus I have to wonder what Rogers is doing to investigate this and address this as this is clearly a threat aimed at former and current Rogers customers. Given the scale of this issue, Rogers needs to say something. And the sooner the better. In the meantime, watch out for this scam.

4 Responses to “I Was Targeted In A Rogers Phone #Scam… And This One Is Pretty Scary”

  1. […] I wrote about being the target of a phone scam using the Rogers name. Well, I had a reader of this blog reach out to me last night to say that he had been targeted in […]

  2. […] the last month I have reported on a Rogers phone scam, and a TELUS phone scam that target customers of both telcos to scam the unwitting out of phones. […]

  3. So the scammers have people working inside the company. No data breach. I got a call like that and I followed through. I used to work for rogers hence knew inside n out of what they are doing. I reported them and rogers track every interaction via thier system. They dispatched the phone to me and I just sent it to the the actual warehouse instead the address they give…
    And yes they are all Indian scammers doing this.

    • If someone inside Rogers is using customer information to scam people, it’s still a data breach as per this:



      “A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so.”

      The “altered or used by an individual unauthorized to do so” part is relevant to this discussion.

Leave a Reply

%d bloggers like this: