Home Phishing Scams Scotiabank ‘Blacklisted Location’ Phishing Scam
Phishing ScamsScams

Scotiabank ‘Blacklisted Location’ Phishing Scam

written by Brett M. Christensen September 4, 2018
Phishing word on keyboard key

Customers of Canadian based bank Scotiabank are being targetted via a phishing scam email that claims that their accounts have been deactivated. 

The email purports to be an automated message that was sent because Scotiabank had attempted to send you a secure, encrypted alert. The email includes the supposed alert message as an attached PDF.

The PDF claims that the bank’s security systems detected a threat in your account because it was accessed from a blacklisted location. It warns that your account has been deactivated “pending your immediate reactivation” and urges you to click an “Activate Here” link. The PDF includes the Scotiabank logo to make it appear legitimate.

However, Scotiabank did not send the email and your account has not been deactivated.

If you fall for the ruse and click the link, you will be taken to a fraudulent webpage that has been built to emulate the genuine Scotiabank website.

Once on the fake site, you will be asked to provide your account login details. After “logging in”, you will be instructed to complete a “verification” form, ostensibly so that your account can be re-activated. The form requests identifying personal and financial information, including your card PIN and the answers to your account security questions (see screenshot below).

After you complete the form and hit the “Continue” button, you will then be redirected to the genuine Scotiabank website.

But, now, the criminals can collect the information you supplied and use it to hijack your Scotiabank account, conduct fraudulent transactions, and attempt to steal your identity.

Phishing scams continue to be one of the most common types of Internet-based fraud and target customers of many banks and other financial institutions all around the world.

If you receive an email claiming that your account has been deactivated or suspended or that you must deal with a supposed account issue, do not click on any links or open any attachments that it contains. 

To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?

Learn more...

Always login to your online accounts by entering the address into your browser’s address bar or via a trusted app. If there is an account problem that you need to deal with, you will most likely be informed via an internal message that appears after you have logged into the system.

The Scotiabank website includes information about phishing scams and how to submit any scam emails that you may receive.

An example of the scam email:

Subject: #Scotia Bank InfoAlerts#Customer Service#
This automated message has been sent because Scotiabank.com has attempted to send you a secure, encrypted e-mail message REF/NO.CASCOT03-CMAOS-CASMIE8
Attached file:  ALERT-[String of Digits].pdf

Screenshot of attached PDF:

Scotiabank Phishing Scam Attached PDF

Bogus Scotiabank Update Form


 

Since you’ve read this far…

…can I ask you for a big favour?

To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.

If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.

You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.

Thank-you.
Brett Christensen