The IT Nerd

Here’s your second scam of the day. And this one is using Canadian airline Air Canada to make you more likely to fall for it. The scam starts via this email:

I find it extremely unlikely that any Canadian airline, never mind any airline period would just willingly hand over cash to anyone for deposit into their bank account or onto their credit card. On top of that, I haven’t flown Air Canada in over six years. So I know that there’s zero chance that this is real.

On top of all of that, this pretty much confirms that Air Canada didn’t send me this:

That’s not Aircanada.com so game over scammer. You lose and people should just delete this email. Except that I didn’t do that and clicked on the “Claim Now” link where I was pleasantly surprised with what I saw:

It looks like the hosting company that was hosting the threat actor’s scam website took it out. That’s good as I find that even when I report scams like this to hosting companies, they either take a long time to take out the website, or they never do. And that leaves people who fall for emails like this vulnerable to getting scammed. So kudos to Bluehost for nuking this website within 24 hours of this scam email hitting my inbox.

That doesn’t change the fact that you still need to be on your toes so that you don’t fall for a scam. Because you can’t depend on others to keep you safe. You have to take action by looking at the details of anything that you get to keep yourself safe.

When it comes to finding out about the latest scams, readers of this blog or my clients will sometimes bring them to me. But sometimes they just drop into my lap. Take this one that popped into my inbox that uses Canadian bank CIBC to try and scam you:

Now this leverages a couple of methods to try and get you to fall for the scam. The first is that the mail claims that CIBC has a new “verification method”. That’s something that will get people’s attention because banks are trying to move away from text message based two factor authentication because of SIM swap attacks where a threat actor swaps your cell phone number onto a SIM that they control so that they can then take over your bank account and drain it. So people may assume that this email is legitimate based on that. The second reason why people might fall for this scam is that there’s a sense of urgency around it based on the fact that you have a deadline to do what the threat actor wants you to do. Because nobody wants to be separated from their money. But this of course isn’t coming from CIBC and there’s three ways to tell in this case:

The first is the fact that this email address in the from field isn’t from cibc.com. In fact it’s not even close. So CIBC didn’t send this email.

Looking at the to field shows the same email address. That indicates that this is an email that is being sent to thousands of people hoping that 1 or 2 percent of them fall for this. That’s further reinforced by the fact that the body of the email doesn’t reference me by name and only says “sir or madam.”

The final part are the words “Click To againe Access”. Clearly the threat actor wasn’t smart enough to spell check this before sending this out. #Fail.

So if you get this email, you should instantly delete it and not click on any links. But by now you know that this isn’t how I roll. So I clicked the link and got this:

This is a pretty basic replication of the CIBC website. And if you look at the address bar, it’s clearly not CIBC.com. Which should be two more things to send you screaming in the other direction. But what this website is after is pretty clear to me. The threat actors want your debit card number and your password so that they steal your money. I entered a fake card number and a password that told the threat actor where to go and how to get there, and I was then dumped to the actual CIBC website. Now I can only conclude two things based on that. Either the threat actors had code in the website that detected that I entered invalid information and punted me to the real CIBC website as a result. Or this is a very basic scam website that snatched what I entered so that the threat actors can potentially go to town at someone else’s expense.

So even though this is a very basic, bordering on primitive scam, it’s still a scam. Which means that you need to be on your toes so as to not fall victim to it. Because a scam doesn’t have to be well executed to be effective.