An Email #Scam Using CIBC’s Name Is Making The Rounds
There’s lots of scams out there for you to keep an eye on. And I’m adding one more to the list. That scam will show up in your inbox and look like this.
Now scams will often present a problem that requires immediate action to make you fall for it. This one is no different. Apparently my online access has been revoked and I need to “click to gain accss”. The spelling of the word access was my first hint that this was a scam email. The second was that there were two commas after the word customer. Then there’s the fact that I am not specifically named in this email. Any email I’ve gotten from CIBC as that’s my bank has my full name in it. So that’s three strikes and this email should be deleted. But there’s actually a fourth problem with this email:
This didn’t come from CIBC as the email address is wrong. The correct email address that CIBC uses is this one:
At this point, I should have deleted the email and moved on. But as you know, that’s not how I roll. So I copied the URL into the web browser on my testing computer and got this:
Now I will give the threat actor some points for registering a URL that looks like “CIBC-Online” so that you will be fooled into thinking that this is the actual CIBC website. The use of a CAPTCHA is an interesting touch as that adds a vibe that this is the legitimate CIBC website. Click on the “I’m not a robot” part and you get this:
Again, I have to give the threat actor credit here for creating a very convincing fake CIBC website. And the part at the bottom left where it says “Safe banking online, guaranteed” is a nice touch. Even though there is nothing safe about this website. One area where they failed at is the check box for “show password”. It doesn’t work. that’s a hint that this is a fake website. Though they didn’t get every aspect right. Take this for example:
They had a couple of missing images. No legitimate bank would ever let a website go online with that sort of screw up.
Another sign that this is a skilled threat actor is the fact that they had code that validates that the card number that you enter is real. That way they know if they got some valid credentials that they can use to presumably drain your bank account dry. I say presumably because this is as far as I got. But that’s as far as I needed to get to be able to document this scam and bring it to you so that you don’t fall for it. Thus as always, if you get an email that looks like this, delete it and move on with your day.
This entry was posted on March 30, 2024 at 7:03 pm and is filed under Commentary with tags CIBC, Scam. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
An Email #Scam Using CIBC’s Name Is Making The Rounds
There’s lots of scams out there for you to keep an eye on. And I’m adding one more to the list. That scam will show up in your inbox and look like this.
Now scams will often present a problem that requires immediate action to make you fall for it. This one is no different. Apparently my online access has been revoked and I need to “click to gain accss”. The spelling of the word access was my first hint that this was a scam email. The second was that there were two commas after the word customer. Then there’s the fact that I am not specifically named in this email. Any email I’ve gotten from CIBC as that’s my bank has my full name in it. So that’s three strikes and this email should be deleted. But there’s actually a fourth problem with this email:
This didn’t come from CIBC as the email address is wrong. The correct email address that CIBC uses is this one:
At this point, I should have deleted the email and moved on. But as you know, that’s not how I roll. So I copied the URL into the web browser on my testing computer and got this:
Now I will give the threat actor some points for registering a URL that looks like “CIBC-Online” so that you will be fooled into thinking that this is the actual CIBC website. The use of a CAPTCHA is an interesting touch as that adds a vibe that this is the legitimate CIBC website. Click on the “I’m not a robot” part and you get this:
Again, I have to give the threat actor credit here for creating a very convincing fake CIBC website. And the part at the bottom left where it says “Safe banking online, guaranteed” is a nice touch. Even though there is nothing safe about this website. One area where they failed at is the check box for “show password”. It doesn’t work. that’s a hint that this is a fake website. Though they didn’t get every aspect right. Take this for example:
They had a couple of missing images. No legitimate bank would ever let a website go online with that sort of screw up.
Another sign that this is a skilled threat actor is the fact that they had code that validates that the card number that you enter is real. That way they know if they got some valid credentials that they can use to presumably drain your bank account dry. I say presumably because this is as far as I got. But that’s as far as I needed to get to be able to document this scam and bring it to you so that you don’t fall for it. Thus as always, if you get an email that looks like this, delete it and move on with your day.
Share this:
Like this:
Related
This entry was posted on March 30, 2024 at 7:03 pm and is filed under Commentary with tags CIBC, Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.