This was in my email inbox this morning. Thing is, the only account I have with RBC is a VISA and I never set up online access for it. Also, RBC wouldn't have my email address on file...


Dear Valued Royal Bank Of Canada Customer:

We recently have determined that different computers have logged into your Royal Bank Of Canada bank account, and multiple password failures were present before the logons. We now need you to log into your account and verify your account activity. If this is not completed by October 28, 2005 we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

To log into your account and verify your account activity, click here:
https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH

We appreciate your support and understanding, as we work together to keep Royal Bank Of Canada a safe place to do business.
Thank you for your patience in this matter.


Trust and Safety Department
Royal Bank Of Canada

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

This web site is operated by Royal Bank Of Canada
Legal Terms | Privacy | Security

© Royal Bank Of Canada 2005

Its called phishing. Chances are the link that you posted is actually linked to a different server or the DNS entries were poisoned to point to another server.

wow these idiots wil try anything,,...the last time i got one of these it was from a bank in the states. Hope people do not really fall for it.

yeah, log in to your account, but do it from the site, not the link in that email, but the link in your email is a secure link.... tht makes it that much more beleivable

If you go to Royalbank.com and click online banking the same link is comming up that they sent you :dunno:

Originally posted by egmike
If you go to Royalbank.com and click online banking the same link is comming up that they sent you :dunno:
that means nothing. they can identically spoof a address easily.

pick up a phone and call them

theyll tell you

I would think the "www1." would tup the avergae person off??

Meh, if there is any truth to suspending the account indefinitely if I chose not to log in that fine... I have a $0 balance on the account and rarely even use the card...

The thing that sort of threw me was the same link is available from RBC's log in page... Just a heads up for anyone else...

Originally posted by 69cougar
I would think the "www1." would tup the avergae person off??
Off the royalbank website
https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH

Originally posted by egmike
If you go to Royalbank.com and click online banking the same link is comming up that they sent you :dunno:



Originally posted by 69cougar
I would think the "www1." would tup the avergae person off??


Sorry, but thats where people would get duped into this fraud.


if you still have the email, see if you can find the properties of the link.

It could be an HTML email, and if you view the html source of the email, this is what you will find:




To log into your account and verify your account activity, click here:
https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH


however in the source you see that the above url, is actually:




href="http://www.ssp-ltd.com/blog/images/royalbank.com.ibankaccess.om/">https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH</a></P>



ding ding ding

This is an actual fraud attempt.

Just a simple http:// rename.

just like this

http://www.royalbank.com (http://www.beyond.ca)

After you talk to the bank send them a copy of the E-mail. Maybe they can go after That Striped Sand Productions since It appears it's coming from their server.

Originally posted by Newk
After you talk to the bank send them a copy of the E-mail. Maybe they can go after That Striped Sand Productions since It appears it's coming from their server.

lmao, you think a couple of guys trying to get peoples bank info are going to put it on a domain registered to them?

They hacked into that domain.

Check out this site:

http://www.scam.com/

Good forum about all the scams out there!:thumbsup:

Originally posted by brandon


lmao, you think a couple of guys trying to get peoples bank info are going to put it on a domain registered to them?

They hacked into that domain.


Good point. I spoke before I thought.

As a security pratice, banks don't contact customers via e-mail on these issues. You'll be called.

Never click on the links provided in e-mail. Login directly to the website and deal with the issue.

Originally posted by Newk
After you talk to the bank send them a copy of the E-mail. Maybe they can go after That Striped Sand Productions since It appears it's coming from their server.

I am not going to call the bank. I closed the rest of my RBC banking services a couple years ago for a reason. I keep meaning to call and cancel this VISA, I just keep forgetting to.

I'm thinking you might as well just leave it open since it will improve your overall credit rating, additional credit available to you that you are not using typically looks good for your score.. or so I was told by a finance teacher.

Originally posted by b_t
I'm thinking you might as well just leave it open since it will improve your overall credit rating, additional credit available to you that you are not using typically looks good for your score.. or so I was told by a finance teacher.


I know, but I have 2 other credit cards with a $0 balance, so I might as well get rid of the one that I don't use :)

Originally posted by b_t
I'm thinking you might as well just leave it open since it will improve your overall credit rating, additional credit available to you that you are not using typically looks good for your score.. or so I was told by a finance teacher.

Not always true, this can increase the amount of revolving credit you have and depending on other factors such as your income, it can decrease your FICO score.

Originally posted by BebeAphrodite


Not always true, this can increase the amount of revolving credit you have and depending on other factors such as your income, it can decrease your FICO score.

Its called a Beacon score in Canada.

Wow, looks like Ben's the only one that understands how the scam works :).


Originally posted by brandon
lmao, you think a couple of guys trying to get peoples bank info are going to put it on a domain registered to them?

They hacked into that domain.
Royal bank didn't get hacked. Your brain did.

Originally posted by rage2
Wow, looks like Ben's the only one that understands how the scam works :).


Royal bank didn't get hacked. Your brain did.


We were talking about this domain http://www.ssp-ltd.com not RBC's

haha my bad. I guess my brain got hacked lol.

Originally posted by rage2
haha my bad. I guess my brain got hacked lol.


We might need that for evidence. lol.

He could just edit your post ;)

First let me start by saying I am well aware of who Rage is.
Second, why would he do that?

Originally posted by Ben






Sorry, but thats where people would get duped into this fraud.


if you still have the email, see if you can find the properties of the link.

It could be an HTML email, and if you view the html source of the email, this is what you will find:




To log into your account and verify your account activity, click here:
https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&amp;F7=IB&amp;F21=IB&amp;F22=IB&amp;REQUEST=ClientSignin&amp;LANGUAGE=ENGLISH


however in the source you see that the above url, is actually:




href=&quot;http://www.ssp-ltd.com/blog/images/royalbank.com.ibankaccess.om/&quot;&gt;https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&amp;F7=IB&amp;F21=IB&amp;F22=IB&amp;REQUEST=ClientSignin&amp;LANGUAGE=ENGLISH&lt;/a&gt;&lt;/P&gt;



ding ding ding

This is an actual fraud attempt.

Just a simple http:// rename.

just like this

http://www.royalbank.com (http://www.beyond.ca)

its not quite that simple, they also trick your browser to show the royal bank website in the address bar, when in actuality you are not at that site.

Originally posted by Newk
First let me start by saying I am well aware of who Rage is.
Second, why would he do that?

First let me start by saying, why would you need evidence?
Second, why would he delete his post? Why were you saying LOL?

Why do you think I used a winking smiley?

One of the guys at work got a phishing email. We went to it and started poking around. We could browse the filesystem on the server, it was apache and had not disabled directory listing. Even found the file that was saving all the usernames/passwords. The shear number of people logging onto that site was astounding. We reported it to Royal Bank who go ahold of us and wanted to know all the accounts so they could disable them.

It was phishing probably 2 accounts every 3 minutes. We never tried logging in with any of the accounts (duhhhh). But most of them looked legit.

We decided to try to mess up his site by writing a script that would randomly generate client id's (mod 15 I think) And passwords. But whoever wrote it knew what they were doing. And their site locked our bot after about the second fake account we generated.

There was a php script to reset the list that was being used to store the collected information. Probably right after a copy of the accounts was made. The computer it was running on was just someones pc that had been compromized.

Originally posted by Hakkola


First let me start by saying, why would you need evidence?
Second, why would he delete his post? Why were you saying LOL?

Why do you think I used a winking smiley?


I meant the hacked brain, not the post.


I think we both need to work on our jokes :D