How To Report Phishing Emails
Tips For Staying Safe Online from Alan Perry
Tech Talk: CFAX 1070
Live on Saturdays; 10:05 AM – Noon — rebroadcast on Sundays; 8:05 – 10:00 AM
“Phishing” is the tech term for online scammers who try to lure you into revealing account names, numbers, passwords, and other
confidential info, which they can use to steal money and/or your identity.
Never click on a link in an email about security, or purchases you didn’t make, that appears to be from a bank or online site where you have an account. Many, like the one below, are “phishing” emails.
Personal information error !
TD Canada Trust (email@example.com) Add to contacts 5:09 AM
To: TD Canada Trust
TD Canada Trust Easyweb
Dear TD Canada Trust Customer,
During our regularly scheduled account maintenance and veriﬁcation procedures, we have detected a slight error in your account information.
To securely conﬁrm your personal information please click on the link bellow:
[edited out for this email]
Conﬁrm Your TD Canada Trust Account and Sitekey now to enjoy the beneﬁts of online banking and ﬁnance to avoid identity theft and fraudulent activities on your account.
Note: We will be upgrading our yearly SSL Encryptedserver to prevent fraudlent activities on your account.
2015 TD Canada Trust Corporation. All rights reserved.
See if you can spot any clues that this is a scam, …
Here are several clues that this is a scam phishing email:
1. The email address which its sent from (Telefonica.net) is an email provider in France, not Canada, and they left out ‘trust’ in the name.
2. The email is sent to TD Canada Trust. They wouldn’t email themselves!
3. ‘Below’ is misspelled.
4. ‘Fraudulent’ is misspelled.
Also, if you were to mouse-over the link they want you to click on, you’d get a pop-up showing that you’d, in fact, be taken to a fake log-in page in France (.fr] !
If you get a phishing email like this, before you delete it, forward it to the security team at the company that it’s supposedly from, so they can trace it and try to catch the sender.
Below is a list of email addresses for the security teams at some of the companies most often spoofed in phishing emails. When you forward emails that you think are phishing attempts to them, do not change the subject line, so the security team members can see what the scammers are using as the email subject!
You should also copy your email to the global Anti-Phishing Working Group (APWG) at ReportPhishing@APWG.org
If you want, you can copy-and-paste these email addresses into your Contacts list, so they’ll be available anytime you encounter a phishing email in the future!
> Apple/iTunes/iCloud ReportPhishing@Apple.com
> Microsoft/Outlook/Hotmail/OneDrive firstname.lastname@example.org
> Google/gMail (they don’t have one)
> Canada Revenue Agency (they don’t have one)
> Facebook Phish@FB.com
> WhatsApp (they don’t have one)
> Dropbox abuse@Dropbox.com
> Netflix phishing@Netflix.com
> Shaw ReportSpam@shaw.ca
> Telus Fraud@TELUS.com
> Fido InternetAbuse@FidoMobile.com
> Bell abuse@Bell.com
> Rogers email@example.com
> Skype abuse@Skype.com
> Amazon Stop-Spoofing@amazon.com
> PayPal spoof@PayPal.com
> eBay spoof@eBay.com
> Royal Bank Information.Security@RBC.com
> TD Canada Phishing@TD.com
> CIBC Fraud@CIBC.com
> BMO Online.Fraud@bmo.com
> Scotiabank Phishing@ScotiaBank.com
> MBNA eMail.Fraud@MBNA.com
> Capital One abuse@CapitalOne.com
> HSBC Phishing@HSBC.com
> Coast Capital (they don’t have one)
> VanCity information_security@VanCity.com
> FedEx abuse@Fedex.com
> UPS fraud@UPS.com
> Etsy spoof@Etsy.com
If you have any additions to this list, please forward them to me at TechTalk@CFAX1070.com and I’ll update this list.
C-FAX 1070 ”Tech Talk” host