Phishing and Vishing

Phishing

Phishing is a technique used to "lure" people into giving up personal information for purposes of identity theft, using fraudulent e-mails, web pages and pop-up windows that appear to be from legitimate businesses. Often these fraudulent e-mails will contain links that take you to a phony website. People have been tricked by these deceptive solicitations into sharing personal information such as credit card numbers, personal identification numbers (PIN) and passwords.

Canadian Tire Financial Services Limited and Canadian Tire Bank DO NOT and WILL NOT ask you to disclose your credit card number, personal identification number (PIN) or password(s) via email solicitation or via a web link.
Recognize Phishing Emails
  1. Phishing e-mails will often refer to a problem with your account (for example, “Your account has been suspended for security reasons” or “Restore Your Online Banking Account”).
  2. Phishing e-mails often begin with a generic greeting (for example, “Dear Customer”) instead of addressing you by name.
  3. Phishing e-mails will often convey a sense of urgency (for example, “We encourage you to respond immediately.”).
Report Phishing Emails

In the event you receive a phishing e-mail, please notify Canadian Tire Financial Services Limited by forwarding the suspicious e-mail to: security@ctfs.com. It is very helpful to our investigation to include the email header within the body of your email. Should you require assistance with retrieving the email header, please contact one of our Fraud Security Representatives for assistance at: 1-800-965-5585.

Remember, never reply to or click on any links within the suspicious e-mail.

Vishing

Vishing (or voice phishing) is the voice counterpart to phishing. It is a technique using social engineering over a telephone system, most often using voice over internet protocol (VoIP), to gain access to personal or financial information for the purpose of financial reward.

Canadian Tire Financial Services Limited and Canadian Tire Bank DO NOT and WILL NOT ask you to disclose your credit card number, personal identification number (PIN) or online password(s) over the phone to an agent.
Recognize Vishing
  • Be suspicious if someone contacts you unexpectedly and asks for your personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. These legitimate businesses will ask you to confirm particular transactions; they will not request your account number or other personal information.
  • Be suspicious of messages that claim you have won a prize when you did not enter any contest or promotion run by the prize promoter (for example, “Congratulations, you've earned 3,000 travel points. To claim your prize, please press ‘1’”).
  • Be suspicious of messages regarding a security concern with your account. Never call the number given in a potential vishing message. If you have received such a message, verify the security concern by locating the phone number for this business in the phone book, on your billing statement or on the back of your card.
Report Vishing

In the event you receive a vishing call, please notify Canadian Tire Financial Services Limited by forwarding details of the call to: security@ctfs.com. You may also report the vishing incident to 1-800-965-5585.

If you believe your personal information has been stolen or obtained by a fraudulent party, whether online, by telephone or by any other means, call us immediately at: 1-800-965-5585.

What Else Can I Do?

Contact Phonebusters (the Canadian Anti-Fraud Call Centre) to report phishing and vishing schemes at 1-888-495-8501, by fax at 1-888-654-9426 or by e-mail at info@phonebusters.com.

Example of a phishing Site

Dear Customer,

Your Canadian Tire account has been suspended for security reasons.

You are kindly advised to follow the instructions below:
The update form is attached to this email. Please download the attachment, open it, and follow the instructions on your screen.

The data submitted will be transmitted over an SSL encrypted connection.
Example phishing Site

 
