...Just a quick warning about a phishing scam targeted at Canadians -- this morning I received an email purportedly from the "Trust and Safety Department" at the Royal Bank of Canada. The message was well-formatted and of a higher quality than many other common phishing attempts; it could easily be mistaken as legitimate.
The email warns that a customer account deactivation has taken place due to "multiple password failures". The warning goes on to ask that the customer log-in via an included URL to confirm their identity. The intent is to gather username and password combinations for actual RBC customers.
Although the included URL appears to be legitimate (in that it points to a Royal Bank domain), a closer look reveals that the user is actually directed to the Norwegian host pudder.net. This site is alive and active, but doesn't appear to serve any legitimate pages. The host is more than likely a compromised machine being used to temporarily gather data -- other variations of the scam use different hosts altogether.
Text of the email is as follows:
From: Royal Bank Of Canada [mailto:[email protected]]
Sent: Wednesday, May 11, 2005 1:02 AM
Subject: Urgent Notice - Verify your account activity
Dear Valued Royal Bank Customer:
We recently have determined that different computers have logged into your Royal Bank of Canada account, and multiple password failures were present before the logons. We now need you to log into your account and verify your account activity. If this is not completed by April 27, 2005 we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.
To log into your account and verify your account activity, click here: (URL removed)
We appreciate your support and understanding, as we work together to keep Royal Bank of Canada a safe place to do business. Thank you for your patience in this matter.
Trust and Safety Department
Royal Bank of Canada
--
[Update: May 12, 2005] -- Another email variation, another new hostname: haukelid.com.
1 comment for this entry ↓
1 Vera Abbott // Sep 18, 2007 at 12:33 am
I'm well aware of the "phishing" scam that goes on, and I'm quite concerned about it since I got a letter from Royal Bank Collections in Mississauga, Ont, but when I went looking for it under "Find Branch", the Postal Code wasn't anywhere in the list which took me to Toronto, Brampton, Etobicoke as well as Mississauga. The letter and the envelope look like the real deal, however since the person they're writing about doesn't owe them anything, (it was all taken care of by the local branch) I'm very suspicious about it, so will be phoning them in the morning.
Leave a Comment