The scumbags that want to use nefarious means to separate you from your money clearly aren’t taking this Mother’s Day off. I say that because I just got this text message on my iPhone:
I have left the phone number in so that if you get this text, you can compare it to my picture. Though the scammers may change this at any time. In any case, it claims to be from Scotiabank, but it’s not really from Scotiabank as the website that the text is asking you to go to is “myscotia-mobilealerts.com” which isn’t a domain that Scotiabank would ever use. In fact, if you do a Whois lookup on the domain, you get this:

The scammer has used a service called Privacy Guardian to hide their identity. Scotiabank (or any other bank, company, etc) would ever do that. That’s a big hint that this domain isn’t legitimate. Also if you look at the creation date, it was created a few days ago. Another big hint that this website isn’t legitimate as companies have domains for years and not days.
Because I like to go down the rabbit hole in order to educate my readers on how to avoid these scams, I clicked on the link, which is something that you should never do, and got this:

This has phishing scam written all over it. As in you put your bank login details into this website and the scammer then uses them to steal everything out of your bank accounts. The questionable grammar is the next big hint that this isn’t legitimate as companies take the time and effort to get that right, and scammers don’t. Take this for example:

Sent to [you]? #Fail.
Going further down the rabbit hole I get this when I click on “Verify Account”:

This is a very, very good replication of the actual Scotiabank login page. You can compare the picture above to the actual Scotiabank login page by clicking here. Clearly this is where the scammers invested their time and effort.
I didn’t go any further as it is clear that this is a phishing scam. As usual, I’ll be alerting Scotiabank to this so that they can take action against the scammers however they can. In the meantime, this is proof positive that you need to have your head in the came by constantly being on the look out for scams like these. Because they can literally come from anywhere and if you’re not careful, it could cost you a pile of money.
WARNING: A Text Message #SCAM Involving The CRA Is Making The Rounds
Posted in Commentary with tags Scam on May 14, 2022 by itnerdAnother day, another scam. This one involves the CRA or Canada Revenue Agency. It is delivered via text message and looks like this when it hits your phone:
I left the phone number in place so that you can compare it to this screenshot if you get a text like this. Some comments about this text:
If you click on the web link, you see this:
There was actually a captcha present. I am guessing that this is here to add to the impression that this website is legit. Another sign that these scammers have some skill. Next up is this:
You’re prompted for your social insurance number. And the website that you’re sent to looks very much like the actual CRA website. Thus I can see how people might be fooled by this. But if you look at the URL at the top of screen, it’s clearly not a Government of Canada web site. Here’s a closer look:
This is clearly a scam based on this URL. But I wanted to dig into this more, so I entered a bogus number that was nine digits in length. That’s important as social insurance numbers are nine digits long and this is what I got:
The spinning wheel that you see here is the same behaviour as the actual CRA website. Again, this suggests a high level of skill from the scammers. Though I do note that it doesn’t seem that they are validating the number that is entered. That implies that grabbing social insurance numbers is not the scammers end game.
You are then take to this page:
Clearly this is the end game for the scammer which is to steal your banking details. I picked my bank which is CIBC and got this:
Another sign that this scam is run by people who have a high degree of skill is that this website looks just like the CIBC website. Though that falls down a bit because the URL at the top has not changed. You would think that it would go to something with “CIBC” in it. But it doesn’t. #FAIL.
The skill of the scammers is highlighted by this when I tried to enter a bogus card number:
This website actually checks for the validity of the card number. I have to give it to whomever who is behind this scam. Unlike most of these scams where they don’t do any of this, these guys are trying to get accurate info so that they don’t waste their time capturing bogus card numbers and passwords. That way they are more likely to score in terms of being able to drain bank accounts. If they also get a valid social insurance number, that’s a bonus.
Because of this, I wasn’t able to go any further to investigate this scam. But it shows that these scams are getting better and better. Which means that you need to really have to have your head in the right place to avoid getting scammed. Thus consider yourself warned.
Leave a comment »