In part one of this saga I described how CIBC had sent me a text with a phone number to get them to call them, and how this is wrong.
I just went through my spam folder and found this gem:
Please contact us as soon as possible at 1-866-454-4339 (in Canada & U.S.) or 416-785-1331 (from elsewhere) to verify recent transactions on your CIBC Credit Card Account ending in XXXX.
We will also be phoning you at the primary number that we have on file for you with this message.
We are available by phone 24 hours a day, 7 days a week.
Please do not reply to this e-mail.
If you received this message in error, please send an e-mail to firstname.lastname@example.org.
I’d like to quote from CIBC’s email and text message fraud page:
Phishing emails and text messages are often sent out as spam to numerous recipients and appear to come from legitimate businesses, sometimes even duplicating legitimate logos and text. Within a phishing email, you may be requested to click on a link that takes you to a fraudulent site or pop-up window where you are asked to submit personal and financial information. A phishing text message may request that you send personal information back to
the sender through text message or call a phone number.
In order to increase the chances of a response, messages may imply a sense of urgency or an immediate risk to bank accounts or credit cards if you fail to answer. Special offers and prizes may also be promoted as incentives.
I’ve bolded all of the ways that CIBC’s email falls under CIBC’s own definition of phishing.
CIBC, you’re still doing it wrong.