Customers of Canadian based bank Scotiabank are being targetted via a phishing scam email that claims that their accounts have been deactivated.
The email purports to be an automated message that was sent because Scotiabank had attempted to send you a secure, encrypted alert. The email includes the supposed alert message as an attached PDF.
The PDF claims that the bank’s security systems detected a threat in your account because it was accessed from a blacklisted location. It warns that your account has been deactivated “pending your immediate reactivation” and urges you to click an “Activate Here” link. The PDF includes the Scotiabank logo to make it appear legitimate.
However, Scotiabank did not send the email and your account has not been deactivated.
If you fall for the ruse and click the link, you will be taken to a fraudulent webpage that has been built to emulate the genuine Scotiabank website.
Once on the fake site, you will be asked to provide your account login details. After “logging in”, you will be instructed to complete a “verification” form, ostensibly so that your account can be re-activated. The form requests identifying personal and financial information, including your card PIN and the answers to your account security questions (see screenshot below).
After you complete the form and hit the “Continue” button, you will then be redirected to the genuine Scotiabank website.
But, now, the criminals can collect the information you supplied and use it to hijack your Scotiabank account, conduct fraudulent transactions, and attempt to steal your identity.
If you receive an email claiming that your account has been deactivated or suspended or that you must deal with a supposed account issue, do not click on any links or open any attachments that it contains.
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?
The Scotiabank website includes information about phishing scams and how to submit any scam emails that you may receive.
An example of the scam email:
Screenshot of attached PDF:
Since you’ve read this far……can I ask you for a big favour?
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.