Archive for Scam

RCMP Warns Of A #Scam Call Using Their Phone Number

Posted in Commentary on December 4, 2023 by itnerd

If you’re in Ontario, you should be on the lookout for scammers using an Ontario RCMP number to intimidate and threaten victims in order to scam them. The warning came out on Friday, and the scammers are using the phone number 519-948-5287. Thus if you see this number, it’s likely a scam.

The RCMP also provided these facts in order to help you to avoid being scammed by people claiming to be the police:

Be aware that the police:

  • Will never ask you to make payments using bitcoin or gift cards,
  • Will not show up to your residence to collect money for a child in jail,
  • Will not ask for your personal information such as your Social Insurance Number (SIN), your date of birth (DOB) or phone number.

On top of that, the RCMP doesn’t provide policing services in Ontario. Finally, they offer this good advice:

If you suspect that you are being scammed, hang up, wait ten minutes and call your local police service.

Waiting ten minutes before calling police is a good idea as scammers can sometimes hijack phones and continue the scam by pretending to be the police. A better piece of advice is to call the police from another phone.

If you’re in the rest of Canada, be prepared for this scam to go to another province now that this is out there.

A New Canada Post #Scam Is Making The Rounds

Posted in Commentary on November 21, 2023 by itnerd

A reader of this blog tipped me off to this Canada Post scam that seems to be making the rounds. It starts with a text message:

Now the threat actor is hoping that your critical thinking won’t kick in because we’re in that time of year where everybody is having stuff shipped to them. Thus you will be more likely to click on the URL in the message instead of clicking on “Report Junk”. Thus let’s dive in by clicking on the URL which for the record you should never, ever do:

Now this is a very good replication of the Canada Post website. Except for the fact that the URL is not https://www.canadapost-postescanada.ca. But the threat actors are hoping that you won’t notice that. There’s also no tracking number listed. That’s a #fail as well, as any sort of package that Canada Post or any courier handles would have a tracking number. Now if you click on “Reschedule Delivery”, here’s what you get:

And here’s where it begins to become clear what the threat actors are up to. First they want to snag your personal info. And I know that because Canada Post would have no reason to ask you for your date of birth. When I entered fake info, I encountered logic that made you fill out certain items that reinforced the fact that the threat actors want your personal info. Likely to do some form of identity theft. But they’re not done yet.

The threat actors want your credit card info as well. Likely to use it to buy a ton of stuff on someone else’s dime. But also to reinforce any attempt to steal your identity. I say that because a lot of places want your birthdate and your credit card along with a home address to run a quick credit check on you. So this threat actor could in theory use this info to take out anything from a cell phone to a loan. That’s pretty crafty.

Now if you’re wondering how Canada Post would contact you, here’s a quick primer. Legitimate Canada Post email notifications will only come from the email addresses below and only if you’ve opted into receiving tracking notifications or communications from Canada Post:

  • donotreply-nepasrepondre@notifications.canadapost-postescanada.ca
  • donotreply-nepasrepondre@communications.canadapost-postescanada.ca
  • bounce-renvoi@communications.canadapost-postescanada.ca
  • bounce-renvoi@notifications.canadapost-postescanada.ca

They will never send you a text message. Thus if you get something that isn’t from one of the email addresses above, and you haven’t signed up for tracking notifications, it’s likely a scam. Legitimate Canada Post SMS tracking or mail notifications and marketing communications will only show the sender as 272727 or 55555, and you will only get them if you have signed up to receive those notifications. Thus if you haven’t opted into getting these texts, it’s a scam.
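The sender and URL checks described above can be written down as a small triage routine. This is an added example, not code from the original post: the allowlists are copied from the post, while the sample senders and the `.example` lookalike hosts are constructed. A listed sender is only a necessary condition, since From addresses and caller IDs can be spoofed.

```python
"""Added example: triage a message that claims to come from Canada Post."""
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender addresses and SMS sender IDs exactly as listed in the post.
LEGIT_EMAIL_SENDERS = {
    "donotreply-nepasrepondre@notifications.canadapost-postescanada.ca",
    "donotreply-nepasrepondre@communications.canadapost-postescanada.ca",
    "bounce-renvoi@communications.canadapost-postescanada.ca",
    "bounce-renvoi@notifications.canadapost-postescanada.ca",
}
LEGIT_SMS_SENDERS = {"272727", "55555"}
OFFICIAL_DOMAIN = "canadapost-postescanada.ca"


def sender_is_listed(channel, sender):
    """True only if the sender is on the post's list for that channel."""
    if channel == "sms":
        return sender.strip() in LEGIT_SMS_SENDERS
    if channel == "email":
        # parseaddr drops the display name, so a friendly name that merely
        # *contains* a legitimate address does not pass.
        _, addr = parseaddr(sender)
        return addr.lower() in LEGIT_EMAIL_SENDERS
    return False


def host_is_official(url):
    """True if the URL's real host is the official domain or a subdomain.

    urlsplit() separates userinfo from the host, so
    'https://official-domain@other-host/' is judged on 'other-host'.
    Matching on a dot boundary rejects 'official-domain.other-host'.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def triage(channel, sender, urls, opted_in):
    """Return the list of red flags; an empty list means none were found."""
    reasons = []
    if not opted_in:
        reasons.append("recipient never opted in to notifications")
    if not sender_is_listed(channel, sender):
        reasons.append(f"{channel} sender not on the published list: {sender}")
    for url in urls:
        if not host_is_official(url):
            host = urlsplit(url).hostname
            reasons.append(f"link host is not under {OFFICIAL_DOMAIN}: {host}")
    return reasons


if __name__ == "__main__":
    # Constructed sample messages (not taken from the post).
    samples = [
        ("sms", "272727",
         ["https://www.canadapost-postescanada.ca/track"], True),
        ("sms", "+15195550100",
         ["https://canadapost-postescanada.ca.parcel-update.example/r"], False),
        ("email",
         '"bounce-renvoi@notifications.canadapost-postescanada.ca" '
         "<parcel@mail.example>",
         ["https://www.canadapost-postescanada.ca@parcel-update.example/"],
         True),
    ]
    for channel, sender, urls, opted_in in samples:
        flags = triage(channel, sender, urls, opted_in)
        print(channel, sender, "->", flags or "no red flags")
```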

The holiday season is a prime time for scammers to operate. Thus you need to make sure that you check any email or text twice to make sure that you don’t fall victim to a scam.

A New #Scam Is Targeting People Who Have Already Been Scammed

Posted in Commentary on November 4, 2023 by itnerd

I came across a new scam that is pretty crafty. I say that because it targets people who have already been scammed. Now, how did I come across this scam? I noted this banner ad while browsing the Internet:

If you click the banner, you go to this website:

So this website claims to get your money back if you’ve been scammed. And to make themselves look legitimate, they have these logos on their website:

I am certain that if you reach out to these companies, they will say that they don’t work with this company. But there’s more:

This is how this company claims to get money back from scammers. To be frank, if it were as easy as is stated above, people would not lose money from scammers. Thus I call BS on this.

I want you to focus on the quality of the English in the screenshot above. It’s bad. That’s the hallmark of scammers who are based overseas and not native English speakers. So that alone should be a red flag. That’s on top of the fact that the figures quoted in terms of money recovered are bogus. Because if they were true, everyone from government to police would be singing their praises.

Finally, this customer testimonial and the others on this website are likely fake. But it’s meant to make you think that this is a legitimate service. Which to be clear, it isn’t.

Other notes:

  • None of the bottom links on this website work. That’s a red flag.
  • The company claims to be at 4223 MacLaren Street, Ottawa, Ontario, Canada. But that address doesn’t exist in Ottawa. But it does exist in Oshawa, Ontario as highlighted by the picture below. That’s another red flag.

But here’s why a threat actor has set up this website. People who have been scammed often look for ways to get their money back somehow, no matter how unlikely it is that they would be able to get it back. Thus if they trip over a website like this, they are likely to fall for this scam out of desperation. In effect, these scammers are re-victimizing people who have already been scammed. And it is a good strategy if you’re a scammer as anecdotal evidence suggests that if someone has fallen for a scam before, they are likely to fall for another scam in the future.

I’ve turned this info over to the scam baiter community so that they can have some fun with the person or people behind this. And I’ve reported the ad to Google. Because it’s bad enough that we have people who have been victimized by scams. But to re-victimize them is not acceptable. Thus it is entirely possible that the site might be down by the time you read this as once scam baiters get involved, the scammers fold up shop pretty quickly. Though I will note that early feedback from scam baiters indicates that once you type in your phone number, someone will call you back from either a German number or a United Kingdom number. This is inconsistent with the claims that this company is located in Canada and highlights the fact that this is a scam.

Finally, I want to illustrate what you should do if you get scammed. You need to report it to your local police who can then give you additional directions. Beyond that, the U.S. Federal Trade Commission has a website for scam reporting, while the Canadian Anti-Fraud Centre is the place to go if you’re in Canada. Other countries have similar organizations for reporting scams. But these clowns who claim to be able to get your money back aren’t someone you should deal with. And the expectation of getting your money back should be zero. That’s harsh to say. But it’s the truth.

A New Rogers Email #Scam Is Making The Rounds

Posted in Commentary on October 26, 2023 by itnerd

My wife and I haven’t been customers of Rogers for well over a year now. Thus when this email hit my inbox, I knew immediately that it was a scam:

Now besides the fact that my wife and I aren’t customers of Rogers, here’s the other reason why it’s a scam:

This email was not sent from a Rogers.com or an rci.rogers.com email address. Which means it was not sent by Rogers.

But the question is, what is the threat actor up to? To find out, I clicked on the Review Refund button which you should never do and got this:

This is a very, very bad copy of the login screen for “my Rogers” which is Rogers’ account management website. Here’s the real one:

Besides the look and feel of the website, there’s the fact that the fake one is clearly not being hosted by Rogers:

This is highlighted by the fact that you don’t see Rogers.com anywhere in the web address. Contrast that with the real one:

The real one has “account.rogers.com” in it.

My initial thought was that this looks like your classic credential harvesting scam to me. By that I mean that this scam wants to grab your credentials so that the threat actors can log into your account and do who knows what. Perhaps order an iPhone or two like I’ve seen in this scam involving Rogers. But I would be wrong. Entering a fake email address and password took me to this page:

It looks like they’re trying to steal your credit card details and using the “refund” that you’re supposed to get as a pretext for that. Not exactly new and it likely won’t fool most people. But as I’ve always said, scams don’t have to be successful in volume to be successful. I’ll be alerting Rogers about this so that they are aware. And the fact that you’ve read this means that you’re aware also. Which means that the level of success that this scam could have has decreased.

Avoiding back-to-school scams: Tips and Tricks From TELUS

Posted in Commentary on September 19, 2023 by itnerd

The back-to-school season is a prime time for fraudsters to target students and families as they gear up for the year. From scholarship scams, to fraudulent websites to acquire personal information, and even the sharing of back-to-school photos online, Canadians may be more susceptible to fall victim than they think. To help you to protect yourself, I did an interview with Leigh Tynan, Director of TELUS Online Security who was kind enough to provide tips and advice on this front:

  1. What is the current state of cybercrime in Canada? 

Fraud is on the rise — losses reported to the Canadian Anti-Fraud Centre reached an all-time high of $531 million in 2022, a 38 per cent increase from the previous year. That’s with only an estimated five per cent of victims actually filing a report, so the losses are likely much higher. Our lives have become increasingly digital and fraudsters are continuously looking to capitalize on that, finding new ways to scam Canadians. 

  2. What risks in particular do you feel Canadians are more susceptible to during back-to-school season?

The back-to-school season can be a prime time for cybercrime given the increase of sharing our personal and financial information. This includes buying laptops, school supplies, clothes and books online. Plus, university students are likely getting a credit card for the first time or opening up a bank account in their own name.

Whenever we share our personal information, we risk that information being exposed. Identity thieves can use this information to access our accounts or impersonate us in things like credit applications. 

  3. Why do you feel it is important to stay up to date on cybersecurity during this time?

While scams used to be easy to spot, tactics have become increasingly believable—scammers will take the time to browse your social media accounts in order to impersonate someone you know, with the goal of tricking you into revealing sensitive personal info. Cybercriminals are also using technology like A.I. to evolve their tactics. 

It’s important to take various measures to help protect our identity. You should be suspicious if the offer seems too good to be true, it comes from an unfamiliar email domain, you’re being asked to share personal information or you’re prompted to ‘click’ to make a payment. Scammers will often put pressure on their victims and are getting very targeted with their approach. Take the time to carefully review the information at hand, even if it seems relevant to you. 

Services like TELUS Online Security will actually notify you if your info has been found on the dark web or if suspicious activity occurs in your credit file. Check if your personal information has been exposed on the dark web with a free scan at telus.com/DarkWeb. It’s a preview of a valuable feature from TELUS Online Security that detects and alerts subscribers whenever their information may have been leaked.

  4. The digital landscape is constantly evolving – what are some of the most common scams that Canadians should be aware of right now, specifically those surrounding the back-to-school season?

Scams have become increasingly prevalent and sophisticated. The Canadian Anti-Fraud Centre has a great list of the top 10 frauds targeting Canadians.  A few of note include:

  • Spear phishing: when a fraudster poses as a trusted source to convince victims to divulge confidential data. It used to be easy to identify—with emails or texts riddled with spelling errors and unnatural requests—but scams are getting more sophisticated. Social media is another prime opportunity for phishing: for instance, fraudsters can easily create a fake Facebook profile pretending to be one of your friends, and then attempt to convince you to share private data using information that’s readily available, and often public, on social media.
  • Shopping scams: when scammers set up websites offering low-cost items like school supplies. Consumers enter their credit card information and complete their purchases, then the items they order never arrive. The scammers, though, now have their credit card information and can use it to rack up unauthorized purchases.
  • Scholarship scams: when cybercriminals ask for a small scholarship application fee to collect your information. While the fee might be small, profits add up for the scammer.  Another common example could be receiving an email notifying you that you’ve won a scholarship but must pay a redemption fee. 
  • Personal Information scams: when a scammer pretends to be from a business, government agency, bank or utility company and asks you to verify your personal information. They may request your name, address, birth date, or account information, then use it to impersonate you. 

It’s important to note that no organization is immune to a data breach. Beware of suspicious messages and requests for information. 

  5. How can Canadians educate themselves on cybercrime and security, and what measures can they take to better protect themselves?

I always recommend educating yourself as best you can. We wouldn’t consider leaving our homes without locking the doors, so why wouldn’t we treat our most valuable possession—our identity—the same way? The good news is that there are many educational resources to help us navigate the internet more safely, including the Canadian Anti-Fraud Centre and TELUS Wise, a free digital literacy education program that offers informative workshops and resources for Canadians of all ages. 

Other ways to help protect yourself include:

  • Creating complex, unique passwords for every login. 
  • Using a VPN while on unsecured networks like public Wi-Fi, especially while sharing sensitive info online. 
  • Ensuring your Wi-Fi network is protected by encryption. 
  • Locking down the privacy settings for your social media accounts and being careful who you let in.
  • Monitoring your financial accounts to spot any unauthorized transactions. 

For better peace of mind, consider comprehensive protection like TELUS Online Security, a multi-layered solution that helps protect your identity and connected devices. Not only does it help prevent threats with 24/7 global threat monitoring and a secure VPN, it also alerts you when you might be at greater risk. If you fall victim to identity theft, you’d be paired with a dedicated specialist to support you throughout the restoration process, and you’d be covered for up to $1 million in related expenses. Plus, it offers 24/7 live support with a team that specializes in cyber safety assistance. 

  6. Say someone falls victim to a scam – what steps should they take to mitigate as much risk as possible?

If you think you may have been targeted by a scam or hack, stop all communication with the scammer and report it to your local police and the Canadian Anti-Fraud Centre. You should also notify your financial institutions and businesses where your information may have been compromised. Additionally, change your passwords and strengthen the security of your accounts, such as using two-factor authentication. In today’s world, where so much of our information is shared digitally, it’s critical to take these measures to help minimize the consequences of being scammed or hacked.

There’s A New Email #Scam Involving YouPorn Making The Rounds

Posted in Commentary on September 6, 2023 by itnerd

There’s a new scam that I have to admit I didn’t see coming. This one involves porn site YouPorn and it claims via an email that you have uploaded a video of yourself and you have to pay to get it removed. Here’s the email that you get:

Now there’s one thing that is different about this scam:

It actually comes from a youporn.com email address to make you think that it is legitimate. But it’s likely been spoofed so it’s not legitimate. The email then claims to allow you to remove the video for free, but when you click on the link it opens up the home page of your browser. Then it offers several paid options to remove said video. Otherwise, the video will go live onto the site in seven days. Clearly this scam email isn’t convincing as, when I checked, the Bitcoin address that is used for this scam hadn’t received any money. But as I have always said, scams don’t have to be successful in volume to be successful. Thus don’t help these threat actors to be successful.

Bell Is Now The Target Of A Phone Scam

Posted in Commentary on September 2, 2023 by itnerd

In the last month I have reported on a Rogers phone scam, and a TELUS phone scam that target customers of both telcos to scam the unwitting out of phones. After coming across the TELUS one, I said this:

What’s clear here is that the threat actors have either moved on from using the Rogers name to run their scam, or the threat actors are running the two scams in parallel. Which means that they could move to using Bell, or Freedom, or any other carrier at any time once the word gets out that the scam exists and is tied to a specific carrier. That means you need to keep your head on a swivel at all times to make sure that you don’t get taken advantage of by these scams.

Well, it seems the threat actors have moved onto Bell. A reader emailed me about a scam that they encountered that involves Bell that goes something like this:

  • A person claiming to be from “Bell” will call you and offer you a discount in terms of your wireless service. And along with that, you will get a brand new Samsung Galaxy S23 delivered to your door.
  • If you say yes, they will extract all sorts of personal information to complete the order. You will then get the phone a couple of days later.
  • After you receive the phone, you will then get another call from “Bell” saying the phone that you just received was accidentally sent to you. You will then be directed to go to the nearest UPS to send the phone to the “correct recipient”. And you will get a label from an email address ending in “@thebell.ca” which isn’t Bell Canada.

What the scam is all about is that the threat actors are extracting enough information from you to order a new phone from Bell and ship it to you. That way you and Bell are out a new phone. Thus I will give you this advice:

  • Remember that Canadian cell phone plans are among the most expensive in the world. And carriers don’t give away phones. Especially Samsung Galaxy S23 models. Thus if it sounds too good to be true, it is likely too good to be true.
  • If you want to verify if a deal is true or a scam, hang up and call Bell using a number from their website. Do not rely on the number that you see on your phone’s call display as that could be a number that has been spoofed.
  • Under no circumstances should you give out any personal information to anyone who calls you in this manner.

If you have fallen for this scam and the phone shows up at your home, call Bell, explain the situation and follow their instructions to cancel the account that the threat actors created and to return the phone to Bell. This is what I told the person who reported this to me.

Clearly these threat actors are very active. That means that you need to have your thinking caps on to make sure that you aren’t scammed. And if you come across any more variants of this scam, please let me know so that I can get the word out.

TELUS Customers Have Joined Rogers Customers In Being The Targets Of A Phone #Scam

Posted in Commentary on August 21, 2023 by itnerd

Recently, I wrote about being the target of a phone scam using the Rogers name. Well, I had a reader of this blog reach out to me last night to say that he had been targeted in a similar scam using the TELUS name.

The person told me that the threat actor offered him a $40 a month plan with a “free” iPhone 14 Pro Max. Now if that sounds familiar, it’s a very similar pitch to the one that I got from the threat actor who claimed to be Rogers. Now he asked for the details via email to make sure he got it in writing. And he did get them. But he got them from an email address ending in “mail.com.” This tipped him off that this was a scam and he hung up. But not before providing his driver’s licence number and home address. Which is bad as that is a great jumping off point for a threat actor to launch an identity theft scam. On my advice, he’s enabling credit monitoring via TransUnion and Equifax to make sure that he catches anything that these threat actors do. And it’s a safe bet that he’s likely to be the target of more scams in the future as he’s now on the radar screens of the threat actor.

Now, to make sure that you stay safe, here’s some advice in terms of protecting yourself:

  • Remember that Canadian cell phone plans are among the most expensive in the world. And carriers don’t give away phones. Especially iPhone 14 Pro Max models. Thus if it sounds too good to be true, it is likely too good to be true.
  • If you want to verify if a deal is true or a scam, hang up and call TELUS using a number from their website. Do not rely on the number that you see on your phone’s call display as that could be a number that has been spoofed.
  • Under no circumstances should you give out any personal information to anyone who calls you in this manner.

What’s clear here is that the threat actors have either moved on from using the Rogers name to run their scam, or the threat actors are running the two scams in parallel. Which means that they could move to using Bell, or Freedom, or any other carrier at any time once the word gets out that the scam exists and is tied to a specific carrier. That means you need to keep your head on a swivel at all times to make sure that you don’t get taken advantage of by these scams.

Finally, if you’ve come across one of these scams, please reach out to me so that I can publish the details and expose these scams so it limits how effective they are. Also reach out to the phone carrier in question so that they can take actions on their end. Because whoever this threat actor is, they’re clearly busy trying to scam Canadians out of their hard earned money.

Rogers Is Being Used In A Very Aggressive #Scam

Posted in Commentary on August 9, 2023 by itnerd

I haven’t been a customer of Canadian Telco Rogers for over a year. Thus when I got this email in my inbox, I was suspicious:

This email had me saying “this is a phishing email for sure.” And that was confirmed when I looked at the email address that it was sent from:

That’s not from rci.rogers.com which is Rogers’ corporate email domain. It isn’t even from rogers.com which is the email domain for Rogers Internet customers which should still ring alarm bells, but would at least be more likely to fool someone less tech savvy than I who gets this email. So, what’s the play here? Let’s find out by clicking the link which you should NEVER EVER DO:

After clicking the link, I was presented with this web page. If you look at the URL bar, this isn’t from Rogers as it doesn’t end in Rogers.com or something similar. It also has a clock at the bottom to get you to act on this “offer” if you want to call it that. You’ll also note that the website wants to send you notifications. If you’re presented with a prompt like this, you should decline to do so. I’ll show you why in a minute. What happens next is that it leads me through a survey. Here’s question 3 of 7 to illustrate this:

After you go through this nonsense, you get taken to this site where you need to fill out your details:

Again, this isn’t a Rogers site. And again, you’ll note that there’s a prompt to show notifications. I put in some bogus info and got this page:

So, the endgame is that they want to get you to hand over your credit card details for a device that is supposed to be “free”. This form does validate that the credit card is active which illustrates a level of sophistication by the threat actors.

What about those requests to allow notifications? Well, seconds after I clicked allow, which again you should NEVER EVER DO, I got this:

Wow. A two for one. You get a credit card scam and a pop-up scam. I don’t see that every day. Clicking on the McAfee one got me this:

I also clicked on some of the other pop ups and got everything from gift card scams to investment scams. Clearly these threat actors are trying to get you in some way, shape or form. And to add to this, all these scams go to different domains which prompt you to accept more notifications. Thus making your browser more and more of a dumpster fire. Fortunately for me, I reset my browser back to factory defaults to make all of this go away. But less savvy users may be unable to do so and fall for something or get frustrated.

The bottom line is that clearly there’s an aggressive threat actor using Rogers’ name to perpetrate a very aggressive scam. If you get this email, delete it and move on with your day. And I’ll be reporting this to Rogers so that they’re aware of this as well which won’t make the threat actors behind this too happy I’m sure.

A Spotify Email #Scam Is Making The Rounds

Posted in Commentary on July 31, 2023 by itnerd

Having just returned from vacation, I see that a number of scams have entered my inbox. The one that I will speak about today is a Spotify scam that claims that they can’t bill you for using Spotify:

As usual the quality of the English in this email is suspect. Which should be the first hint that this is a scam. The second sign that this is a scam is this:

This isn’t sent from Spotify as the email domain is “app.mail.com” rather than Spotify.com.

But if you take those two things out of the mix, the look of the email mostly fits the style that Spotify uses in their communications. Thus I can see how someone might fall for it.

Now, if you don’t have a Spotify account, and you get this email, the correct response should be to delete it and move on with your day. And even if you do use Spotify, those two things that I pointed out should make you delete this email anyway. But what do the threat actors want? I’m betting that this is a phishing email to steal your personal information or financial details. So let’s find out if that’s true (which by the way you should never, ever do).

This is a pretty good copy of the Spotify page. There are some errors but I can see if someone isn’t looking closely enough that they could fall for this. And by closely enough, I mean this:

This should be Spotify.com. But it isn’t. Which means that this is a phishing page.

And as I expected, here’s where the threat actors try to steal your credit card details. I typed in a bogus credit card number and it let me get to this page:

This makes you think that it’s doing something. But it’s not. If you’ve typed in your actual credit card details, you’ve been pwned. I believe that this and the next page are just for show to keep you on the hook:

You’re supposed to get a text message via the “Verified By Visa” service that Visa has. And this is where things get interesting. I entered a bogus credit card number earlier in this process which the website identified as being a Visa card. And that would be correct as the number that I entered was a Visa card. But I found it interesting that they didn’t validate that the credit card number was valid up front. I am guessing that they are doing the validation on the back end of this scam by using the “Verified By Visa” service to do that. I assume that they have similar checks for MasterCard, Discover, and AMEX.

Crafty.

So now that we know what the threat actors in this scam are up to, my usual advice applies. If you see this email or one like it, look for the things that I pointed out earlier in this article to confirm that it’s a scam, and then delete the email and move on with your day.

UPDATE: The same threat actor has put out a new version of this email. It looks like this:

They also made one other change to the email. Which is the email address that it was sent from:

Clearly they made that adjustment to make the scam more convincing. The rest of the scam remains the same.