Log In
Register
Home
Topic RSS
Facebook
Twitter
Email this8:46 am
January 12, 2019
Offline
.
I received this email from EQ Bank this morning . . .
.
- Fraud alert: Social media scams are on the rise.
.
We want to make you aware of a recent increase in fraudulent ads on social media platforms such as Facebook and Instagram, that are posing as EQ Bank. These ads may appear legitimate, but they link to fake websites designed to steal your personal information.
While we continue to work with our partners to remove these fraudulent ads and profiles, here are a few tips to help keep your account secure:
What should you look out for?
Check the advertiser profile (usually in the top left of the ad) to confirm it is from EQ Bank, not a variation like Equitable Team or EQ Bank Marketing Team.
Be cautious of ads promoting unusually high interest rates. If in doubt, verify against interest rates on the website.
Be mindful of what the ads are asking you to do—EQ Bank will never ask you to log in to your account from a third-party website like Facebook or Instagram.
Only log in to your account via the EQ Bank mobile app or the secure desktop site (secure.eqbank.ca) before entering any personal information.
What should you do if you see a suspicious ad?
If something looks off—or too good to be true—don’t click. Instead, call EQ Bank Customer Care at 1-844-437-2265 (1-844-4EQ-BANK). We’re here to help and can quickly confirm whether the ad is legitimate.
Think you may have interacted with a fraudulent ad?
Do not share any one-time codes or passwords if prompted.
Change your EQ Bank password immediately.
Change the password for the email account associated with your EQ Bank account.
Contact our Customer Care team at the number above so we can help secure your account.
In addition to social media, cybercriminals can use emails to target their victims. Always check where emails are coming from before interacting with them. Official EQ Bank emails will only come from addresses ending in “eqbank.ca”, like contact@eqbank.ca, alert@eqbank.ca or reply@marketing.eqbank.ca.
Look Sharp ❗
- Dean
" Live Long, Healthy ... And Prosper! "
5:25 am
October 27, 2013
Offline
All this should be common sense but it is surprising how many people get caught up in clicking on emails, sponsored ads on Google, Facebook, etc. There is NO substitute for not going directly to your personal secure login of your institution to investigate for yourself.
12:16 pm
January 12, 2019
Offline
.
True ⬆ ... for most of us, AltaRed.
But I still think it's a good idea for companies (and others) to share information about scams and frauds, etc.
Afterall, many of the young still haven't grown out of their naivety, and then there's the older ones who are starting to grow back into it.
And yes, there's also a few middle-agers who just never learn, and have to be constantly reminded.
- Dean
" Live Long, Healthy ... And Prosper! "
9:43 pm
April 14, 2021
Offline
What a bunch of f***ing hypocritical a-holes.
I was contacted last July by an EQ rep who immediately wanted to authenticate my account. I told her that I had not idea who the F*** they were, even though the caller ID said that it was EQ. I told her that I would call back on the public 1-800 number and THEN she could authenticate me.
It turned out that it was, indeed, EQ about an issue. I wasted my time on hold until I finally was transferred to the original caller and we worked on the matter. I criticized her immediately about her lack of professionalism for trying to initiate contact and then asking to authenticate me! This should never be attempted by the institution, no matter how convenient it might be for them. Just because it happened to be legitimate in this instance, it would give the client a false sense of correctness. If contacted by scamf*** next time, they might think, 'it was okay last time, I'm safe to do it this time.' They were teaching their customers to behave in a thoroughly unsafe procedure.
After addressing my issue, I immediately asked for a manager to file a complaint.
"Complaint Id Number: COMP-024268
Dear XXX,
Thank you for bringing this issue to our attention. We received your complaint on 7/17/2024. If your complaint has already been resolved, please disregard this letter.
In keeping with our Customer Complaint Handling Procedures (CCHP), you will be contacted by a business unit representative within two business days to try to resolve your concerns."
Still awaiting a response. F****** a-holes.
10:15 pm
April 6, 2013
Offline
Dean said
…
In addition to social media, cybercriminals can use emails to target their victims. Always check where emails are coming from before interacting with them. Official EQ Bank emails will only come from addresses ending in “eqbank.ca”, like contact@eqbank.ca, alert@eqbank.ca or reply@marketing.eqbank.ca.
Don't rely on that. Only sloppy scammers would use a From address domain other than eqbank.ca.
The From address is whatever the sender configures their e-mail client to put there. Just like the return address on an envelope can be whatever I type in the top left corner.
2:13 am
September 29, 2017
Offline
Norman1 said
Dean said
…
In addition to social media, cybercriminals can use emails to target their victims. Always check where emails are coming from before interacting with them. Official EQ Bank emails will only come from addresses ending in “eqbank.ca”, like contact@eqbank.ca, alert@eqbank.ca or reply@marketing.eqbank.ca.Don't rely on that. Only sloppy scammers would use a From address domain other than eqbank.ca.
The From address is whatever the sender configures their e-mail client to put there. Just like the return address on an envelope can be whatever I type in the top left corner.
Actually, the true return address can only be masked, at best, but it cannot be hidden completely.
On a computer, you can hover your cursor over the From email address and reveal the true email address. If it is a legit site, the source IS legit. Of course, they can still spoof the email to be something similar, so it still takes a discerning eye.
If you want to be doubly sure, open the raw email header and look for the FROM email address to confirm.
Unfortunately, you cannot do this on a cell phone; you cannot hover your finger over a link ;-). And many email apps do not give you access to the raw header. One key reason I do not rely on a cell phone for critical transactions, communication, etc.
2:53 am
November 18, 2017
Offline
Mobile phones are the most insecure places one can attempt to do banking from!
It was a scenario like HermanH encountered that prompted me to set up "reverse-passwords" with my financial institutions to use when calling me.
RetirEd
4:57 am
March 30, 2017
Offline
RetirEd said
Mobile phones are the most insecure places one can attempt to do banking from!It was a scenario like HermanH encountered that prompted me to set up "reverse-passwords" with my financial institutions to use when calling me.
If I use my mobile phone over my home wifi, that is not that different than me using my desktop hook up to the same wifi.
7:57 am
October 27, 2013
Offline
FWIW, I always hover over the From email address on my email apps on my PC to reveal the true email address....on emails that are not to my expectations/expected/worded appropriately.
I can't do that with my mobile so I simply ignore them using that device. Most phishing emails are relatively obvious (to me at least). A growing issue is more and more phishing is via SMS/MMS these days, or even WhatsApp to some degree. I simply 'block' those without further investigation.
My view, and what I advise friends and family to do, is that an issuer of a legitimate email or SMS/MMS text will follow up in another way if it is important and urgent.
3:47 pm
September 29, 2017
Offline
RetirEd said
Mobile phones are the most insecure places one can attempt to do banking from!It was a scenario like HermanH encountered that prompted me to set up "reverse-passwords" with my financial institutions to use when calling me.
ABSOLUTELY! People have NO IDEA how insecure they are.
I had two levels of security set up on an iPhone, including MANY lockdowns around the AppleID, and Parental Controls (using all lockdowns of Screen Time), and more. Recently, my daughter knew some kid in the military (so she claims) that was able to circumvent both! YIKES!
Also, about a year ago, I reported a vulnerability to the phone logging. Even though I later discovered an article written about the exact same vulnerability, and I presented to them all these findings, Apple downplayed and ignore it.
This, on top of so many other vulnerabilities. Phones are also a target, because of so much sensitive information contained on them, all in one place. And MFA/2FA is also easily circumvented.
3:48 pm
September 29, 2017
Offline
savemoresaveoften said
If I use my mobile phone over my home wifi, that is not that different than me using my desktop hook up to the same wifi.
Use at home is the least of the issues. It is out and about, or if you lose it, or if targeted, etc, that presents the bigger issues.
7:15 pm
November 18, 2017
Offline
savemoresaveoften, and smayer97 et al: The design of mobile smartphones is the problem. The user has very little control over what software is in them and what it does, and especially who controls it!
And of course loss or theft of a mobile multiplies the problem - the attackers have all the time in the world and access to the physical hardware to seek vulnerabilities.
RetirEd
1:17 am
September 29, 2017
Offline
RetirEd said
savemoresaveoften, and smayer97 et al: The design of mobile smartphones is the problem. The user has very little control over what software is in them and what it does, and especially who controls it!And of course loss or theft of a mobile multiplies the problem - the attackers have all the time in the world and access to the physical hardware to seek vulnerabilities.
+1
8:23 am
April 6, 2013
Offline
smayer97 said
Actually, the true return address can only be masked, at best, but it cannot be hidden completely.
On a computer, you can hover your cursor over the From email address and reveal the true email address. If it is a legit site, the source IS legit. Of course, they can still spoof the email to be something similar, so it still takes a discerning eye.
If you want to be doubly sure, open the raw email header and look for the FROM email address to confirm.
…
That's not true. The From address is whatever the sender wishes it to be.
I proved that to a friend years ago by forging an e-mail from him. He knew the received message was from me because I let him know before. He knew he didn't send it to himself.
When he replied to the forgeed e-mail to congratulate me, he ended up e-mailing himself! The From address had his name and e-mail address. Even his e-mail program was fooled.
4:37 pm
January 25, 2024
Offline
Simple solution: do NOT participate in garbage social media. All those 'experts', 'influencers' and other self promoting scam is not worth your time.
I do NOT belong to ANY of those sewer networks.
9:27 pm
September 29, 2017
Offline
Norman1 said
smayer97 said
Actually, the true return address can only be masked, at best, but it cannot be hidden completely.
On a computer, you can hover your cursor over the From email address and reveal the true email address. If it is a legit site, the source IS legit. Of course, they can still spoof the email to be something similar, so it still takes a discerning eye.
If you want to be doubly sure, open the raw email header and look for the FROM email address to confirm.
…That's not true. The From address is whatever the sender wishes it to be.
I proved that to a friend years ago by forging an e-mail from him. He knew the received message was from me because I let him know before. He knew he didn't send it to himself.
When he replied to the forgeed e-mail to congratulate me, he ended up e-mailing himself! The From address had his name and e-mail address. Even his e-mail program was fooled.
You either misunderstood what I wrote or I did not explain it properly. Let me try again.
What you see as the From: email address CAN easily be forged BUT if you hover over the From:email address, the pop-up will show what the REAL email address source is, so that when you click Reply, THAT is where the reply will go. So, hovering over the From: email address will reveal the TRUE FROM: email address.
In other words, if the email in the pop-up from hovering over the From: email address does not match the From: email address originally shown, then yes, it is a spoofed or forged email address.
But my original point was about determining the source site. If the base URL or domain of the email in the hovered pop-up is legit, then there is a strong chance the email is valid... but it takes a discerning eye, e.g. don't fall for yahoo.mail.com as a legit yahoo email, since the domain for Yahoo is yahoo.com, not mail.com.
9:37 am
April 6, 2013
Offline
smayer97 said
You either misunderstood what I wrote or I did not explain it properly. Let me try again.
What you see as the From: email address CAN easily be forged BUT if you hover over the From:email address, the pop-up will show what the REAL email address source is, so that when you click Reply, THAT is where the reply will go. So, hovering over the From: email address will reveal the TRUE FROM: email address.
…
No, it does not. The From line shows exactly what I put there, the friend's name and his e-mail address.
When he replied to my forged message to congratulate me, the reply appeared in his mailbox a few seconds later. His e-mail program had sent the reply to the e-mail address in the From line, his e-mail address, not mine.
The forged message appeared to both him and his e-mail program as being sent by the him!
4:37 pm
February 22, 2024
Offline
That's true, depending on what email program you are using, in the settings you can enter the "reply" email address, the "from" field will show that address and replying will go to that email address.
7:18 am
March 15, 2019
Offline
A little bit of good news. I stopped (for now anyway) getting those phone calls about my bank account from gentlemen who speak with a particular foreign accent. I cannot name the foreign accent because the wokies/hardcore lefties will cry racism/racist.
Please write your comments in the forum.