Thursday, August 4, 2016

Phishing Email - Canadian Imperial Bank of Commerce (CIBC) Alert

Update Friday, May 05, 2017 - CIBC Account Alert! [323IH]

A recent CIBC phishing email is circulating. It is posted here for the record, in case it makes it past your Junk or Spam filter.


What to do?
Report it, and mark it as a phishing email, not spam.

Report the phishing URLs to Google as well.

If you have received this email, take further action now by clicking these links:

  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=teti.az
  2. https://www.google.com/safebrowsing/report_phish/?hl=en&url=banknerd.ca


Here is the HTML view of the email 



Here is the email viewed as text


 //banknerd.ca/wp-content/uploads/2010/01/CIBC-2.jpg>; This e-mail has been sent to me@outlook.com by Canadian Imperial Bank of Commerce.  

 

Online Banking CIBC ALERT: Due to an unusual number of failed login attempts, your online banking access has been temporarily suspended.

To restore your account access please click:

Log On to CIBC Online and proceed with the verification process. //teti.az/cbonccverify/index.php> 

IMPORTANT NOTE: If we do not receive the appropriate account verification within 24 hours, you will need to visit a CIBC branch to restore your account access.

Sincerely,
CIBC Online(SM)

 
________________________________

© Copyright Canadian Imperial Bank of Commerce 2016  © 2016 


How to tell this is a phishing email?


  1. Convert the email view from HTML to text and check for bad URLs.
  2. Hover over all links in the email; if a link is not from the CIBC.com site, then forget it.
  3. The best way is to look at the message source; see below.


How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow at top right)->Show original.

For this phony email, we'll look at the "message header".





At line 21 you have Return-Path: noreply.74123618@baesystems.com,
which is the dead giveaway, since the domain is not cibc.com.

Why look at "Return-Path"? When the e-mail is put in the recipient's mailbox, a new mail header is created with the name "Return-Path:" containing the address given in the SMTP MAIL FROM command. So it's a quick check of authenticity.
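The checks above, scripted as an added example that is not part of the original post: it parses a raw message and compares the Return-Path domain, the From domain and every link host against cibc.com. The sample message is constructed; only the Return-Path address and the link host come from this page, while the From line, Subject and the http:// scheme are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED = "cibc.com"  # domain genuine mail and links are expected to use

# Constructed sample: Return-Path and link host are the ones quoted on this
# page; the From line, Subject and http:// scheme are assumed.
SAMPLE = """\
Return-Path: <noreply.74123618@baesystems.com>
From: "CIBC Online" <alerts@cibc.com>
Subject: CIBC Account Alert!
Content-Type: text/plain

To restore your account access please click:
Log On to CIBC Online <http://teti.az/cbonccverify/index.php>
"""

def in_domain(host, expected):
    """True only for the expected domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_message(raw, expected=EXPECTED):
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    findings = []
    for header in ("Return-Path", "From"):
        value = msg.get(header)
        if value is None:
            findings.append(f"{header}: header missing")
            continue
        addr = parseaddr(value)[1]          # drops the display name
        domain = addr.rpartition("@")[2]
        if not in_domain(domain, expected):
            findings.append(f"{header}: {addr or '<empty>'} is not {expected}")
    for part in msg.walk():                 # text parts only, any nesting
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s<>\"']+", body):
            host = urlsplit(url).hostname or ""
            if not in_domain(host, expected):
                findings.append(f"link: {host} is not {expected}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A mismatch is a strong signal, but a matching Return-Path is not proof, because the sender chooses the MAIL FROM address; the SPF, DKIM and DMARC results the receiving server records in the Authentication-Results header are the stronger check.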


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down arrow at top right)->Report Phishing

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx
