Phishing – BIG

Amid Friday’s massive Rogers service outage and subsequent restoration, the Toronto-based telecom has repeatedly promised to credit customers. However, Rogers hasn’t said how it will go about it, and now the scam messages are rolling out.

So, here’s your first official warning: do not click any links in any message you get about a credit for the Rogers outage. Honestly, that should be your default behaviour — clicking links, especially those received in unsolicited messages from untrusted sources, is one of the main ways that phishing scams work. People click the link and then provide sensitive information like login credentials to a fake website and boom! they’ve been phished.

Again, if you get a text, call, or other message from someone claiming to be from Rogers offering a credit for Friday’s outage, do not share any personal information or click any links.

Now getting Rogers service outage text message phishing attempts, so that’s great. pic.twitter.com/FqATmgqKFL

— Douglas Tr0n Soltys (@tron) July 9, 2022

So do yourself a favour and ignore these scams if you see them. Help your neighbour and spread the word. Do your part. Don’t get phished.

Of course, the thing that would most help stop these scams would be Rogers officially detailing how and when it will credit customers. Likely, the promised credits will come via your next Rogers bill — the company did promise to “proactively” credit users, which suggests people won’t need to do anything to claim the credit. Still, knowing for certain would go a long way to discrediting any scam message that goes against the official plan for crediting customers.

Speaking of credits, there’s also a question of what will happen for customers who subscribe to non-Rogers services that rely on Rogers internet. Wholesale internet service providers (ISPs) like TekSavvy come to mind. However, reports indicate Tbaytel is offering its customers a credit, which suggests wholesalers may receive a credit that could get passed along to their customers. It remains to be seen how this whole situation shakes out.

For now, stay safe out there and don’t get scammed!

Four Canadians face $300,000 in fines for their involvement in Canadian HeadQuarters.

The Dark Web marketplace is also known as CanadianHQ. It’s designed explicitly for Canadian users to buy and sell products that can be used for malicious activity, such as phishing kits, stolen credentials, and access to compromised computers.

The investigation was conducted by the Canadian Radio-television and Telecommunications Commission (CRTC) and involved the execution of several warrants in the greater Montreal area in 2020 and 2021.

The marketplace has since been taken offline. The CRTC said CanadianHQ was one of the largest marketplaces on the planet and “significantly contributed to harmful cyber activity in Canada.”

Steven Harroun, the chief compliance and enforcement officer at the CRTC, said this was one of the most complex cases the unit has tackled. “This case shows that anonymity is not absolute online, and there are real-world consequences when engaging in these activities.”

The investigation centred on four Canadians allegedly sending emails to customers seeking personal information, such as credit card numbers and banking credentials. The CRTC said the emails were “mimicking well-known brands,” and the penalties stem from sending messages without consent under Canada’s anti-spam legislation (CASL).

Chris Tyrone Dracos (aka his screen name Poseidon) was the marketplace creator and is fined $150,000. It’s alleged he aided vendors and customers with numerous CASL violations.

Marc Anthony Younes (aka CASHOUT00 and Masteratm), Souial Amarak (aka Wealtyman and Supreme), and Moustapha Sabir (aka La3sa) face $50,000 in notices of violations each.

The CRTC reports the investigation has identified other vendors and disciplinary action will soon be taken against them. Information about who these vendors are and details on their role has not been released at this time.

The CRTC asks Canadians to report spam, phishing, or any questionable practices to the Spam Reporting Centre.

Source: CRTC