Jump to solution

Phishing

smithav
Grasshopper

I have just received a very convincing phishing email from billupdate@shaw.ca (replying shows it to be a dummy address) It has disguised links to a bank info account dialogue box.

What amazes me is that unlike all other major sites Shaw have no way of reporting phishing. They only have a spam reporting address and emails to that are returned as "undeliverable" !!!

I cannot even attach the phishing email to this post to warn others

Labels (1)
1 Solution

Accepted Solutions
Jump to solution

Thanks,  Not very obvious on their site though.

smithav
Grasshopper

Thanks,  Not very obvious on their site though.

View solution in original post

0 Kudos
Reply
Loading...
27 Replies
Jump to solution

Sure they have one:  internet.abuse@sjrb.ca

rstra
Grand Master

Sure they have one: 

internet.abuse@sjrb.ca

Reply
Loading...
Jump to solution

Thanks,  Not very obvious on their site though.

smithav
Grasshopper

Thanks,  Not very obvious on their site though.

0 Kudos
Reply
Loading...
Jump to solution

Why it is not spam@shaw.ca is a mystery to me.

pcryan
Grasshopper

Why it is not spam@shaw.ca is a mystery to me.

0 Kudos
Reply
Loading...
Jump to solution

Incredible hard to find. I've been going around in circle...

jmwilkerson
Grasshopper

Incredible hard to find. I've been going around in circles on their site. I think Shaw doesn't want to know.

0 Kudos
Reply
Loading...
Jump to solution

https://support.shaw.ca/t5/internet-articles/recent-fraud...

rstra
Grand Master
0 Kudos
Reply
Loading...
Jump to solution

-- I was just told, via online chat, that internet.abuse@...

mdk
Legendary Grand Master

@rstra -- I was just told, via online chat, that internet.abuse@sjrb.ca is "only for internal use", and that I must use reportspam@shaw.ca.

About 3 days after trying to send to the former ID, I get a "connection refused" and "message too old" response.

0 Kudos
Reply
Loading...
Jump to solution

I receive  "Shaw Bill" phishing regularly from various em...

smithav
Grasshopper

I receive  "Shaw Bill" phishing regularly from various email address' .I always report them to reportspam@shaw.ca but I never receive a response from Shaw. This month's phishing email appeared to be from no_replybill@telus.com, as this address was a local provider and Shaw's main competition i forwarded it to  Shaws spam reporting address and a few days later contacted Customer Service by "chat"  to ask why Shaw does not respond.

After the usual delays caused by having to provide 5 different forms of ID for "security purposes" and in getting the Shaw associate to communicate in understandable English I was told that Shaw receive many complaints regarding phishing and cannot respond to all of them.

I replied that PayPal also receive many phishing complaints and they have the courtesy to respond to every one. I commented that Shaw appears to take security very seriously when logging into chat, but doesnt seem at all concerned that fraud is being committed due to its own lack of email security. I then asked what action Shaw would take, especially since this email came from a Telus account. 

This appeared to confuse the associate, the quality and grammar of his reply did not fill me with confidence. I suspect that Shaw does not care that phishing is perpetrated in its name and they consider that the responsibility for identifying phishing emails is their customers not theirs.

0 Kudos
Reply
Loading...
Jump to solution

-- especially since this email came from a Telus account...

mdk
Legendary Grand Master

@smithav -- especially since this email came from a Telus account

Check the E-mail headers. Just as easily as you have configured your E-mail program to use the correct values into the "first-name-last-name" field, and into the E-mail ID field, spammers can insert "spoofed" values, as part of their effort to try to trick you into accepting that the E-mail has originated from a TELUS ID.

Never place 100% trust in the values in the "FROM:" field.

 

0 Kudos
Reply
Loading...
Jump to solution

Aren't you rather missing the point here? This is a discu...

smithav
Grasshopper

Aren't you rather missing the point here? This is a discussion about Shaw's lack of concern regarding phishing.  I'm well aware that email addresses can be spoofed, and perhaps I should have said "appears to have come from". But why would a phisher spoof an address to show that an email, which is supposed to be coming from Shaw, is coming from Telus?

0 Kudos
Reply
Loading...