Scotiabank ‘Blacklisted Location’ Phishing Scam

Customers of Canadian based bank Scotiabank are being targetted via a phishing scam email that claims that their accounts have been deactivated. 

The email purports to be an automated message that was sent because Scotiabank had attempted to send you a secure, encrypted alert. The email includes the supposed alert message as an attached PDF.

The PDF claims that the bank’s security systems detected a threat in your account because it was accessed from a blacklisted location. It warns that your account has been deactivated “pending your immediate reactivation” and urges you to click an “Activate Here” link. The PDF includes the Scotiabank logo to make it appear legitimate.

However, Scotiabank did not send the email and your account has not been deactivated.

If you fall for the ruse and click the link, you will be taken to a fraudulent webpage that has been built to emulate the genuine Scotiabank website.

Once on the fake site, you will be asked to provide your account login details. After “logging in”, you will be instructed to complete a “verification” form, ostensibly so that your account can be re-activated. The form requests identifying personal and financial information, including your card PIN and the answers to your account security questions (see screenshot below).

After you complete the form and hit the “Continue” button, you will then be redirected to the genuine Scotiabank website.

But, now, the criminals can collect the information you supplied and use it to hijack your Scotiabank account, conduct fraudulent transactions, and attempt to steal your identity.

Phishing scams continue to be one of the most common types of Internet-based fraud and target customers of many banks and other financial institutions all around the world.

If you receive an email claiming that your account has been deactivated or suspended or that you must deal with a supposed account issue, do not click on any links or open any attachments that it contains. 



Always login to your online accounts by entering the address into your browser’s address bar or via a trusted app. If there is an account problem that you need to deal with, you will most likely be informed via an internal message that appears after you have logged into the system.

The Scotiabank website includes information about phishing scams and how to submit any scam emails that you may receive.

An example of the scam email:

This automated message has been sent because Scotiabank.com has attempted to send you a secure, encrypted e-mail message REF/NO.CASCOT03-CMAOS-CASMIE8

Screenshot of attached PDF: