Now that tax season is over in Canada, I guess the scumbag scammers of the world have moved on to text message based phishing scams. Take this one using the name of Scotiabank:
Now this should stretch the boundaries of credibility right out of the gate because it references the first four digits of a Scotiabank debit card number. Why is that important? Every Scotiabank debit card starts with “4536”, which means that the scumbag scammers are hoping that you won’t pay attention to that rather than saying “if this were meant for me specifically, they would be using the last four digits of my debit card as that’s unique to me.” Another area where this text message loses credibility is the website that the scumbag scammers want you to go to. Scotiabank does not own a domain called “Https://auth-scotiabankcanada.com” nor would any communication coming from Scotiabank have a capital H in it. So who owns this domain? For giggles, let’s have a look:
Hmmm…. This traces back to .ru which is Russia the last time I checked. Maybe that’s accurate. Maybe it isn’t. But it sure isn’t Scotiabank.
So right there, we have more than enough evidence to say that this is a scam, and that you should delete this text message. But because that’s not how I roll, let’s see what happens when I click on the link which by the way you should never ever do:
Well, I see that it’s amateur hour with this particular scumbag scammer. I say that because whomever is behind this scam can’t set up a website that uses SSL encryption properly. That means that 99% of people will not get scammed because these clowns are too stupid to set the scam up properly so that a web browser can get to the scam website. More on how they screwed that up in a second.
So after figuring out where they went wrong with their website, and passing by a CAPTCHA (which seems to be a thing with these phishing websites as of late) that even snagged my IP address:
I got this:
I wonder how that compares to the real login screen for the real Scotiabank website…..
It’s a very, very good copy of the real Scotiabank website. Though the real site uses SSL encryption as evidenced by the padlock in the address bar at the top left. And the fake one doesn’t use SSL encryption at all. This is noteworthy because the text message that the scammers send you uses “HTTPS” in the link that is in the text message. That means that if you click on it, the web browser will request an SSL encrypted web page. And when it doesn’t get it, the browser throws an error message like the one that I took a screen shot of. Now this combined with the fact that web browsers in 2024 want only deal with SSL encrypted web pages, and warn you when they don’t get one as it’s a bit of a security risk, shows you that these scumbag scammers really didn’t do their homework. Thus as a result they screwed up the execution of this scam.
Regardless, I can see how someone might be fooled by this scam website. Not to mention the fact that if you look at the address bar, you’ll see “https://auth.scotiaonline.scotiabank.com” which is very similar to the scammer’s website which is “https://auth-scotiabankcanada.com”. This is an old trick that scammers use where they will come up with a URL that unless you’re paying attention, you might not notice that it’s not the same as the website that you are used to going to. That highlights the fact that you need to look at the URL closely before you type your credentials into a website. Or better yet, bookmark the websites that you go to and only use your bookmarks so that you know that they can be trusted.
Back to the scam. I entered some bogus credentials and got this:
Based on the questions, it looks like the scumbag scammers are running an identity theft scam for starters. I am basing that on asking for your mother’s maiden name which is a common security question. I entered some bogus info and got this:
So it’s not just your identity that they’re after. They want your card number right down to your ATM PIN number. That suggests to me that anyone who is unlucky enough to fall for this scam might be dealing with a group of scumbag scammers who are going to use this info to drain your bank account dry. Possibly by going to an ATM with a card that they create with this information. That implies that the scammers might be in Canada. And the Russian registration may be a ruse.
So, given the incompetence of the scammers behind this, combined with the fact that I reported this scam website to Google via this link, and to Microsoft via this link, I suspect that this website will have few if any victims. But it illustrates that you really need to question the legitimacy of anything and everything, along with doing some detective work if required to stay safe online. I say that because even incompetent scumbag scammers like these ones can get lucky and get a great payday at your expense.
In celebration of International Women’s Day, Scotiabank has made a $150,000 donation to Ladies Learning Code and more specifically, its Girls Learning Code programming, which covers topics from HTML and CSS to 3D printing and hardware hacking.
This donation aligns well to the Bank’s focus and commitment to digital and their philanthropic strategy in support of young people in the community. Their donation will enable thousands of girls across Canada, to learn what they are possible of creating with technology and to ensure that they are aware and equipped and aware of the exciting roles that are available in the digital landscape. As part of their donation, they are also supporting national Girls Learning Code Day on May 13, 2017.
Scotiabank has announced a new partnership with Kabbage, a leading financial technology and data company and disruptor in the online lending business.
Kabbage’s technology will power a new and improved Scotiabank online lending portal, Scotiabank Fastline for Business, which will allow small business customers in Canada and Mexico to apply for and access up to $100,000 of working capital in little as sevenminutes – a process that previously took up to six months.
Seven facts about the Scotiabank-Kabbage partnership:
More than 80% of Canadian start-ups used personal financing to finance their new businesses in 2014 because they lacked the credit history or collateral to secure a loan.
Scotiabank small business customers will be able to apply for a small business loan online and receive a decision and access to funds in minutes, using key business data sources and account information.
The platform will be available through Scotiabank online banking sites in Canada and Mexico.
Once approved, customers will have the flexibility to draw the funds as individual term loans, from $1,000 (specific to Canada), up to the approved loan amount. Each loan can have its own repayment terms.
Scotiabank is the 3rdinternational bank and the 1st in Canada to select the Kabbage platform, in the past six months, reinforcing the importance of fueling small business growth across the world, with an unmatched customer experience.
In October 2015, Kabbage announced that Scotiabank invested in the company’s growth. This is another example of the Bank’s commitment to providing customers with a digital banking experience, and an example of the work being done at the Scotiabank Digital Factory.
Existing small business customers, currently not borrowing from Scotiabank, will be able to apply for a Scotiabank Fastline for business, powered by Kabbage loan, beginning July 2016.Scotiabank Mexico customers will be able to apply for a Scotiabank Kabbage loan beginning August 2016.
There’s one other thing to point out. Scotiabank is the first international bank based in Canada to partner with Kabbage. The Bank is piloting the new lending program in Canada and Mexico through a phased-in approach, beginning by offering the service to its more than 100,000 current non borrowing small business customers in the two launch markets.
Over 100 top tech talent will come together for Scotiabank’s first hackathon, called Scotiabank Hack IT which will take place February 5–7 in Toronto at Scotiabank Centre, located in Scotia Plaza. Over the weekend, participants will come together to create new digital solutions to help Canadians manage debt.
On Sunday, after being judged by special guests from the finch space including Amber Mac, Ron Tite, Mike Bowler, Jeff Goldenberg and Adam Nanjee. Teams will present their solutions on Sunday from 3:00 p.m.– 5:00 p.m. in a science fair style, with the winners’ announcement taking place at 5:45 p.m. The top teams will be up for $25,000 in prizing and the opportunity to interview for positions at the Scotiabank Digital Factory.
This promises to be a very interesting event. If you’re in the Toronto area, drop by and check it out. Learn more about the event at www.scotiabankhackit.com, by following them on Twitter at @ScotiaHackIT and by using the hashtags #ScotiabankHackIT and #debtchallenge.
Scotiabank this week unveiledDigital Factory, a new digital innovation hub where the Bank will collaborate and partner with FinTech providers and startups to disrupt the financial services space and improve the digital banking experience for its 20 million customers.
With plans to be fully operational by mid-2016, Scotiabank’s Digital Factory will house more than 350 jobs for top technology talent inToronto’s downtown core, including newly created roles in areas such as:
User interface and user experience designers;
Agile practitioners, such as scrum masters, agile coaches and solution architects; and,
Data scientists and other advanced analytics specialists.
Scotiabank’s Digital Factory will serve as a hub for the co-creation and incubation of new Scotiabank and partner-led ideas to deliver world-class customer solutions enhanced through digital channels.
You can fully expect me to keep an eye on this as it sounds really cutting edge and interesting.
A Text Message #Scam Using Scotiabank’s Name That Is Run By Incompetent Scammers Is Making The Rounds
Posted in Commentary with tags Scam, Scotiabank on May 3, 2024 by itnerdNow that tax season is over in Canada, I guess the scumbag scammers of the world have moved on to text message based phishing scams. Take this one using the name of Scotiabank:
Now this should stretch the boundaries of credibility right out of the gate because it references the first four digits of a Scotiabank debit card number. Why is that important? Every Scotiabank debit card starts with “4536”, which means that the scumbag scammers are hoping that you won’t pay attention to that rather than saying “if this were meant for me specifically, they would be using the last four digits of my debit card as that’s unique to me.” Another area where this text message loses credibility is the website that the scumbag scammers want you to go to. Scotiabank does not own a domain called “Https://auth-scotiabankcanada.com” nor would any communication coming from Scotiabank have a capital H in it. So who owns this domain? For giggles, let’s have a look:
Hmmm…. This traces back to .ru which is Russia the last time I checked. Maybe that’s accurate. Maybe it isn’t. But it sure isn’t Scotiabank.
So right there, we have more than enough evidence to say that this is a scam, and that you should delete this text message. But because that’s not how I roll, let’s see what happens when I click on the link which by the way you should never ever do:
Well, I see that it’s amateur hour with this particular scumbag scammer. I say that because whomever is behind this scam can’t set up a website that uses SSL encryption properly. That means that 99% of people will not get scammed because these clowns are too stupid to set the scam up properly so that a web browser can get to the scam website. More on how they screwed that up in a second.
So after figuring out where they went wrong with their website, and passing by a CAPTCHA (which seems to be a thing with these phishing websites as of late) that even snagged my IP address:
I got this:
I wonder how that compares to the real login screen for the real Scotiabank website…..
It’s a very, very good copy of the real Scotiabank website. Though the real site uses SSL encryption as evidenced by the padlock in the address bar at the top left. And the fake one doesn’t use SSL encryption at all. This is noteworthy because the text message that the scammers send you uses “HTTPS” in the link that is in the text message. That means that if you click on it, the web browser will request an SSL encrypted web page. And when it doesn’t get it, the browser throws an error message like the one that I took a screen shot of. Now this combined with the fact that web browsers in 2024 want only deal with SSL encrypted web pages, and warn you when they don’t get one as it’s a bit of a security risk, shows you that these scumbag scammers really didn’t do their homework. Thus as a result they screwed up the execution of this scam.
Regardless, I can see how someone might be fooled by this scam website. Not to mention the fact that if you look at the address bar, you’ll see “https://auth.scotiaonline.scotiabank.com” which is very similar to the scammer’s website which is “https://auth-scotiabankcanada.com”. This is an old trick that scammers use where they will come up with a URL that unless you’re paying attention, you might not notice that it’s not the same as the website that you are used to going to. That highlights the fact that you need to look at the URL closely before you type your credentials into a website. Or better yet, bookmark the websites that you go to and only use your bookmarks so that you know that they can be trusted.
Back to the scam. I entered some bogus credentials and got this:
Based on the questions, it looks like the scumbag scammers are running an identity theft scam for starters. I am basing that on asking for your mother’s maiden name which is a common security question. I entered some bogus info and got this:
So it’s not just your identity that they’re after. They want your card number right down to your ATM PIN number. That suggests to me that anyone who is unlucky enough to fall for this scam might be dealing with a group of scumbag scammers who are going to use this info to drain your bank account dry. Possibly by going to an ATM with a card that they create with this information. That implies that the scammers might be in Canada. And the Russian registration may be a ruse.
So, given the incompetence of the scammers behind this, combined with the fact that I reported this scam website to Google via this link, and to Microsoft via this link, I suspect that this website will have few if any victims. But it illustrates that you really need to question the legitimacy of anything and everything, along with doing some detective work if required to stay safe online. I say that because even incompetent scumbag scammers like these ones can get lucky and get a great payday at your expense.
Leave a comment »