This morning I got this text message:

There is only one problem: I do not now, nor (to the best of my recollection) have I ever banked with Scotiabank.

Don’t look now folks, but the bad guys have found another way to try to steal your money. Text Message Phishing. This one is easily spotted.

However: should you ever get a message from your bank, be it by email, text, or semaphores, do not click on any links. If you suspect it is real, call the number on your bank card (or your branch if you have a personal connection).

This summer I was walking off the golf course and I just missed a call from my actual bank. I pressed call-back. The agent did not ask for my information because my bank has voice recognition, and he said;

Mr. Garvis, never press call-back to the bank, and if you do, never give them any personal information. The scammers keep getting better, and they are spoofing our Caller ID instead of simply calling from their overseas numbers.

This was excellent advice, and I will continue to follow it. So should you.

Oh, and if anyone here reads semaphores and can explain how to embed a link, I would love to know.

I remember the first time I got a phishing request from a bank.  Not only was it a bank I had never done business with, I had in fact never heard of them.  I looked into it, and sure enough they were a real bank… but that didn’t change the fact that I did not do business with them.

In the twelve or so years since (have they really been around that long??) I have gotten hundreds of them, most of them are blocked by my spam filter but some of them get through.  Of those, only once or twice did I get a phishing attempt disguised as a bank I do actually do business with them… but the glaring mistakes made it obvious, even if I did not look closer.
As I got to my office one morning this week my phone beeped with the following e-mail:

I do have a credit card with TD, and while I had not used it for several months, I did use it to pay for my parking this morning… the first time I used it in months.  So while it might have been reasonable for them to contact me with a security issue, most phishing attempts are still pretty easy to detect… to someone who is looking for them.

When I hovered over the Verification Link I got a completely ridiculous URL… what the heck would TD Canada Trust be using makeup-artist-hansen.de for?  No way.  And besides, let’s take a look at the original mail header again:

Who the heck is zimbra1.misterweb.it? Definitely not a good sign.

Here’s the long and the short of it… If your bank is worried about you, they might call you but they will never e-mail you and tell you to ‘click here.’  By the way, when they do call you, they won’t ask for your password… although they will ask for information that will confirm who you are.

It is sad to think that phishing scams are still out there… because if people didn’t get caught every day, they would have stopped a long time ago.  It is a sad reality, and I can only hope that my readers are more informed than the folks getting duped.  But if you do hear about someone getting phished, send them here and have them read up on it!