There’s lots of scams out there for you to keep an eye on. And I’m adding one more to the list. That scam will show up in your inbox and look like this.
Now scams will often present a problem that requires immediate action to make you fall for it. This one is no different. Apparently my online access has been revoked and I need to “click to gain accss”. The spelling of the word access was my first hint that this was a scam email. The second was that there were two commas after the word customer. Then there’s the fact that I am not specifically named in this email. Any email I’ve gotten from CIBC as that’s my bank has my full name in it. So that’s three strikes and this email should be deleted. But there’s actually a fourth problem with this email:
This didn’t come from CIBC as the email address is wrong. The correct email address that CIBC uses is this one:
At this point, I should have deleted the email and moved on. But as you know, that’s not how I roll. So I copied the URL into the web browser on my testing computer and got this:
Now I will give the threat actor some points for registering a URL that looks like “CIBC-Online” so that you will be fooled into thinking that this is the actual CIBC website. The use of a CAPTCHA is an interesting touch as that adds a vibe that this is the legitimate CIBC website. Click on the “I’m not a robot” part and you get this:
Again, I have to give the threat actor credit here for creating a very convincing fake CIBC website. And the part at the bottom left where it says “Safe banking online, guaranteed” is a nice touch. Even though there is nothing safe about this website. One area where they failed at is the check box for “show password”. It doesn’t work. that’s a hint that this is a fake website. Though they didn’t get every aspect right. Take this for example:
They had a couple of missing images. No legitimate bank would ever let a website go online with that sort of screw up.
Another sign that this is a skilled threat actor is the fact that they had code that validates that the card number that you enter is real. That way they know if they got some valid credentials that they can use to presumably drain your bank account dry. I say presumably because this is as far as I got. But that’s as far as I needed to get to be able to document this scam and bring it to you so that you don’t fall for it. Thus as always, if you get an email that looks like this, delete it and move on with your day.
CIBC and TELUS today announced the launch of the CIBC Mobile Payment App to TELUS mobile devices with Near-Field Communications (NFC) capability, allowing more Canadians to have access to mobile payments. Using this system, you’ll be able to pay for anything from a coffee to groceries using your phone as long as you have a CICB credit card account and a supported phone. CIBC credit card clients using the following devices on the TELUS network will be able to download the CIBC Mobile Payment App from Google Play beginning today:
Samsung Galaxy S4
Samsung Galaxy SIII
Samsung Galaxy Note II
HTC One
Users of the following BlackBerry devices on the TELUS network will have access to the CIBC Mobile Payment App later this month:
BlackBerry Z10
BlackBerry Q10
BlackBerry Bold 9900
So if you’re already a CIBC and Telus customer with a supported phone and a CIBC credit card, download the app and give it a try. I think you’ll find it to be very handy.
An announcement today came from banking giant CIBC and telco giant Rogers announced that they are teaming up to allow smartphone users to use their smartphones to pay for the stuff that you need:
CIBC and Rogers Communications today announced an agreement to launch Canada’s first joint mobile payment solution, allowing Canadians to pay with their CIBC credit card at the checkout counter using their Rogers “Near Field Communications” (NFC) enabled smartphone. Beginning later this year, customers will be able to use this payment capability at merchants across Canada where contactless credit card payments are accepted.
This announcement represents the first time a bank and a wireless carrier have joined forces to offer a commercially available mobile payments solution to Canadians that leverages the secure SIM card inside an NFC-enabled Rogers smartphone. This new solution aligns to guidelines announced yesterday by the Canadian Bankers Association for mobile payments in Canada, as well as those developed by respected international associations such as the GSM Association (GSMA), the association of mobile operators and related companies dedicated to standardizing and supporting GSM technology.
The key thing to note here is that you have to have a NFC or Near Field Communications chip on your smartphone. Currently not many smartphones have this chip. But ones that do are not far away. Here’s some of the features that you can expect once this service rolls out:
Full access to a client’s existing CIBC credit cards on their smartphone at no extra cost – whether Visa or MasterCard – this gives clients the opportunity to earn loyalty points on purchases as they do today.
Multiple layers of security – Paying with your NFC-enabled smartphone will be as secure as using your credit card today. Clients will receive the same fraud protection they do with their contactless credit card, and secure encryption technology will add to the layers of security already in place on credit card purchases. Clients will also have the option to set additional password protection.
No “stickers” on your phone – this new payment capability will leverage the secure SIM card inside a mobile device for payments, meaning clients can manage their credit card credentials on a secure platform, and won’t need to worry about stickers attached to their phone.
Sounds sweet. I’d like to see what this looks like when it rolls out in Canada. It’s available now in other places in the world. If you’ve used a service like this elsewhere, please post a comment and share your experience.
I got a voice mail yesterday from the Canadian Imperial Bank of Commerce (or CIBC as they go by these days) saying that my debit card has been restricted in terms of how I could use it because of suspicious activity. I checked my accounts on line and found no such activity. That was a relief as I have previously had my card compromised and the scumbags went on a spending spree after cloning my card. Not cool at all. So I called them and got a CIBC call center in the province of Saskatchewan. Initially, the individual was helpful and advised me that I needed to change the PIN number my debit card. He then walked me through the steps I would need to do in a two hour window to do so at the nearest CIBC ATM. This took about five minutes and I figured that I would be off the phone quickly and I could deal with this and go about my day.
Too bad I was wrong about that.
He then started to ask probing questions about my bank accounts and credit card. This led to him trying to switch the credit card I already have to a “better” one. When I didn’t show any interest in his offer, he became ultra aggressive about trying to get me to listen to his pitch and to take what he was offering. Clearly he was on commission. I eventually had to tell him to call back at another time as that was the only way I could get him off the phone.
Here’s my problem with this. If CIBC wants to have me sign up for for new products and services, I have no problem with that. Simply send an offer in the mail of use some call center to try and get me to sign up. As long as they’re not calling during dinner or something, I have no issue with that. But when I respond to a voice mail about a potential breach of my debit card that you want me to respond to ASAP so that you can protect me from fraud, and you then try to sell me something at that point, then I consider that to be unsavory at best. All this experience did is create a rather negative experience that makes me want to look at TD, BMO, Scotiabank, or RBC for my banking needs. Would those four banks do something like this? I have no idea. But the fact that CIBC does makes me not want to deal with them after 22 years of continued business.
CIBC, your customer service is a #fail. You might want to do something about it if you want to keep my business.
An Email #Scam Using CIBC’s Name Is Making The Rounds
Posted in Commentary with tags CIBC, Scam on March 30, 2024 by itnerdThere’s lots of scams out there for you to keep an eye on. And I’m adding one more to the list. That scam will show up in your inbox and look like this.
Now scams will often present a problem that requires immediate action to make you fall for it. This one is no different. Apparently my online access has been revoked and I need to “click to gain accss”. The spelling of the word access was my first hint that this was a scam email. The second was that there were two commas after the word customer. Then there’s the fact that I am not specifically named in this email. Any email I’ve gotten from CIBC as that’s my bank has my full name in it. So that’s three strikes and this email should be deleted. But there’s actually a fourth problem with this email:
This didn’t come from CIBC as the email address is wrong. The correct email address that CIBC uses is this one:
At this point, I should have deleted the email and moved on. But as you know, that’s not how I roll. So I copied the URL into the web browser on my testing computer and got this:
Now I will give the threat actor some points for registering a URL that looks like “CIBC-Online” so that you will be fooled into thinking that this is the actual CIBC website. The use of a CAPTCHA is an interesting touch as that adds a vibe that this is the legitimate CIBC website. Click on the “I’m not a robot” part and you get this:
Again, I have to give the threat actor credit here for creating a very convincing fake CIBC website. And the part at the bottom left where it says “Safe banking online, guaranteed” is a nice touch. Even though there is nothing safe about this website. One area where they failed at is the check box for “show password”. It doesn’t work. that’s a hint that this is a fake website. Though they didn’t get every aspect right. Take this for example:
They had a couple of missing images. No legitimate bank would ever let a website go online with that sort of screw up.
Another sign that this is a skilled threat actor is the fact that they had code that validates that the card number that you enter is real. That way they know if they got some valid credentials that they can use to presumably drain your bank account dry. I say presumably because this is as far as I got. But that’s as far as I needed to get to be able to document this scam and bring it to you so that you don’t fall for it. Thus as always, if you get an email that looks like this, delete it and move on with your day.
Leave a comment »