Bell Canada Phishing Scam Email
Email purporting to be from Bell Canada claims that, due to a problem with a recent bill payment, the customer is required to click a link and update billing information via an online form (Full commentary below
Email is not from Bell Canada. It is a scam designed to steal personal information
(Submitted, August 2009)
This e-mail has been sent to you by Bell Canada to inform you that we
were unable to process your most recent payment of bill. This might be
due to either of the following reasons:
1. A recent change in your personal information. (eg: billing address,
phone) 2. Submitting incorrect information during bill payment process.
Due to this, to ensure that your service is not interrupted, we
request you to confirm and update your billing information today by clicking here.
If you have already confirmed your billing information then please
disregard this message as we are processing the changes you have made.
After you confirm your billing information you can use your account as usual.
Thanks for your co-operation.
This email, which purports to be from major Canadian telecommunications company Bell Canada, claims that due to a problem with a recent bill payment, the recipient is required to update his or her billing information or risk an interruption of service. The recipient is advised to follow a link in the message to confirm and update billing information.
However, the message is not from Bell Canada. Instead, it is a phishing scam designed to steal personal and financial information from Bell Canada customers. Those who follow the link included in the message will first be taken to a fake login web page constructed to closely resemble the genuine Bell Canada website. Once a victim "logs in" on the fake webpage, he or she is then taken to a web form that requests sensitive information including credit card details, social insurance number and address and contact details. The web form is also designed to resemble a genuine Bell Canada webpage and includes seemingly legitimate logos, copyright information and secondary links.
Any information submitted on the fake web pages can be subsequently collected by Internet criminals and used for credit card fraud and identity theft. And, by using the login details provided on the fake login page, these criminals will also be able to access the victim's real Bell Canada account and steal even more personal information.
Bell Canada does not send unsolicited emails that ask customers to follow a link and provide personal information. You can view Bell Canada's email policy
here. The company has also published information
on its website that warns consumers about phishing scams.
Phishing scams such as this can often be identified by poor or unusual spelling and grammar. For example, in this instance, the scammers have rather amusingly greeted their targets with the words "Dear costumer", a greeting perhaps more fitting to a theatrical supply agent than a telecommunications customer. Moreover, a careful examination
of the link provided in this scam message reveals that the link does not point to a "bell.ca" web address as expected but to an entirely unrelated website. And, the fake login page and web form are not hosted on a secure (https)
website as would always
be the case if such pages were genuine.
Internet users should be very cautious of any unsolicited email that asks them to click a link or open an attachment and provide private information such as credit card or banking details, login usernames and passwords and other personal data such as social insurance numbers and contact details. Legitimate companies are very unlikely to request such information via an unsolicited email and any email that makes such a request should be treated with suspicion. If you receive a suspect email, do not click on any links in the message or open any attachment that it may carry. Do not reply to the email. If you are unsure if an email is genuine, always contact the company or financial institution directly to check before providing any personal information.
How do I know if an email is really from Bell?
Bell - Email scams and phishing
Check Links in HTML Emails
Difference Between http & https
Last updated: 7th August 2009
First published: 7th August 2009
Write-up by Brett M. Christensen