Where’s Sherlock when You Need Him? – Latest Emails Appear to Come from the Bank of Montreal, but It’s Actually a SCAM
We love to watch British dramas and the crime genre is among our favourites. Midsomer Murders follows the exploits of Inspector Barnaby and his colleagues as they investigate murders in the quaint English countryside. It’s a wonder they have any people left at the rate the writers kill people off. Endeavour, Shetland, Broadchurch, Inspector Lewis; the list of these series is almost endless. We avoid the darker ones; we prefer our murders to be light.
Of course, no discussion about English detectives would be complete without reference to Sherlock Holmes. For decades, the enduring character has been the subject of multiple remakes and new storylines. The latest series, with Benedict Cumberbatch as Sherlock, is especially entertaining. The writers have endowed him with almost superhuman powers of observation and reasoning. It’s high energy, snappy, engrossing, and totally unrealistic.
During a review of our SPAM logs and trapped attachments, we came across an interesting file attached to an Email. It was a PDF file (not unusual), but the reason it was caught in our SPAM filter was that it was encrypted. It required a password to unlock it.
When we looked at the Email, we saw that it was from BMO (Bank of Montreal). It even appears to come from firstname.lastname@example.org. The content of the message referenced a confidential “Case” that required Action. The password to decrypt the attached PDF file was helpfully contained in the Email. Say what? Who sends a password in the same Email as the encrypted document?
Well, now we’re curious, so our Tech Barry entered the password to decrypt the document. Up pops a very authentic-looking form from BMO, asking you to sign into the Online Business Banking system. It catches the User ID and Password, but then it asks for the 8 or 12-character Security “Token” – that’s NEW!
The website that the document actually takes you to is a fake: www22bmocom.com. The real BMO site is www22.bmo.com, so most people wouldn’t recognize the difference. Of course, Hollywood’s Sherlock would spot it immediately, but most of us are like Dr. Watson and once we enter our information, the game is afoot. The Hackers have a set of legitimate BMO bank login credentials and they’re just a few short clicks away from cleaning out the bank account.
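You don't need Sherlock to spot the missing dots; a mail filter can do it. The sketch below is an added example, not part of the original post and not the filter we run: the function names are made up for illustration, and it goes a little beyond the one case above by also flagging hyphenated variants and the real host name used as the front of a longer one.

```python
from urllib.parse import urlsplit

# Hosts the organisation really uses; www22.bmo.com is the one named in the article.
TRUSTED_HOSTS = {"www22.bmo.com"}

def squash(text):
    """Drop dots, hyphens and other punctuation: 'www22.bmo.com' -> 'www22bmocom'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def hostname_of(url):
    """Extract the host from a link, tolerating a missing scheme."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def classify_link(url, trusted=TRUSTED_HOSTS):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for one link."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    if host in trusted:
        return "trusted"
    labels = host.split(".")
    for good in trusted:
        flat = squash(good)
        # Case from the article: the real host with its dots removed, used as one label.
        if any(squash(label) == flat for label in labels):
            return "lookalike"
        # Generalisation: the real host used as a prefix of a longer, unrelated host.
        if host.startswith(good + "."):
            return "lookalike"
    return "unknown"

def suspicious_links(urls, trusted=TRUSTED_HOSTS):
    """Keep only the links whose host imitates a trusted host."""
    return [u for u in urls if classify_link(u, trusted) == "lookalike"]
```

Run `suspicious_links` over the links pulled from a message or attachment; anything it returns deserves a quarantine and a second look.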
With Deerstalker hat firmly in place, we did a bit more sleuthing and found that the fake website domain had been registered the very day of the fake Email, and was registered in Ottawa. Who said all Hackers work out of Eastern Europe? The provided name (James Bibi) is fake, as is the company name (genn bibi & company), but the Ottawa address (201 Friel) is real; although it has a bed bug report dating back to 2015, which only proves you can find lots of useless information on Google. A reverse lookup on the phone number (613 292 2323) leads nowhere, except to say it is a cell phone number.
Oh well, back to the Email and attachment. There is a very good reason the attachment was encrypted – it prevents Anti-Virus programs and firewalls from reading the file to look for known virus signatures, which is precisely the reason our SPAM filter blocked it. While our Client was protected in this case, it’s not always a happy ending.
There is only one way to ensure you don’t fall victim to one of these Email scams – attachments or otherwise:
… trust an embedded hyperlink in an Email or attachment. Always open your browser independently and TYPE the URL – or use a trusted favourite local bookmark. Once you have the website open, TYPE the user name, password and other credentials – or – if you use a trusted and local Password Manager – allow it to fill in the values for you (do NOT use the built-in password storage capability of the browser.) These two simple steps – while inconvenient – could save you hours of frustration and keep your money safely in the bank.
If you want more information on keeping your Email & attachments stress-free, please contact me or your TRINUS Account Manager.
Well, as I write this, it’s Friday afternoon and the work week is winding down. It’s raining and cold outside, and a Sherlock Holmes rerun is waiting on the PVR. Cue the theme music!