Phishing emails running rampant this holiday season

Ever since the holiday season started I have been receiving a hoard of phishing emails both on my personal and work email accounts. The emails seem to be after my bank account and either state that the bank believes my account has been compromised and I need to re-enter all my details on the website at the link given below to ‘fully reactivate’ my account, or that I need to enter them to ‘update’ my account to benefit from the banks ‘new security features’.

What is interesting is that I started receiving these emails soon after of my credit card was used fraudulently online to purchase merchandise from stores in France. Thankfully, my bank refunded the purchases and issued me a new card.

Below is an screenshot of a phishing email masquerading to be from TD Canada Bank:TD Bank Phishing Email

An example of a phishing email that appears to be from TD Canada Bank

While phishing emails like these can be very much like the real thing, a little diligence can go a long way to help spot these as fake right away. Here are a few pointers from the image above that might help spot a fake email:

  1. The email has a generic greeting. In this case its “Dear TD Canada Trust Valued Customer”. If the email were legitimately from your bank, they would know who you are, and would address the email to your name.
  2. The link in the email is fraudulent. Although the link text seems to indicate that it leads to the actual TD site, it doesn’t. How do you identify this? Its simple. Just hover your mouse over the link and you would notice that it actually points to a completely different domain. And the link is not secure either (uses http:// instead of https://). The actual link is usually visible on your browser or email client’s status bar. Keep in mind though that the website this link leads to will be almost identical to the real thing.
  3. There is almost always a sense of urgency in the email.
  4. The emails are usually riddled with typos / grammatical errors.

Here is a similar email for RBC. Unfortunately I deleted mine so this image is courtesy of Google.

And this is the scam website it links to:

A few pointers that might help keep you from getting scammed:

  1. Buy a reputed anti-virus product (Kaspersky is my personal favourite) if you don’t have one already and keep it updated all the time, if you are running Windows.
  2. Don’t ever open unsolicited email from senders you don’t know / trust. The holiday season is prime time for amazing deals / offers that will entice you to drop your guard. Remember, the old adage still holds, “if its too good to be true, it probably isn’t”.
  3. Switch to Linux! Well, at least when you are logging into your bank’s website / making purchases with your credit card. Most, if not all of these phishing emails and almost all viruses out there are targeted towards Windows users. Switching to Linux saves you a lot of pain as these Windows executable viruses have no impact on a Linux machine. Plus you can get away with not using an anti-virus. And its free! If you need Windows for a proprietary program such as Microsoft Office, you can always run Windows in a virtual machine such as VMware player.
  4. If you think your financial information might have been compromised, contact your bank immediately.

If you have already fallen for one of these scams, don’t feel embarrassed! An eCard that was spoofed as being sent from the Whitehouse conned several employees of the US government this holiday season and stole several gigabytes of sensitive government data. This only shows that sometimes, even the experts can fall for these scams, although it beats me why the US government hasn’t heard of a simple thing called SPF yet!

Stay safe online this new year!

Leave a Reply

Your email address will not be published.

10 + 1 =