Fraudsters have used Covid19 to start a number of phishing attacks, targeting the public to get their personal information.  These range from the government’s new aid schemes to the closing down of your streaming accounts when you need them most.  Here we show a Costco phishing scam to show you how the fraudsters work.

This phishing scam always starts with a text or unsolicited email:

-Note: in this case, the text is claiming to be from Costco, but we’ve seen others claiming you’re due a credit from your phone service provider, Netflix or something similar.

Text message short

If you click on the link it brings you to this page or something similar:

2. leavecasa first page
At this point the scammers want you to click on the link for your bank….

3. Fake Royal Bank Sign on

Note: The page looks just like your usual bank login page except if you take a look at the website address, you’ll see it is NOT your bank’s address. (In this case, it’s from “” but could be something else). Here they are hoping you’ll enter your login information to your bank account.

3b-all banks-Harvesting login details
The links will lead you to whatever bank you choose and all will appear legit except it’s NOT the correct bank address!

You may even be directed to enter your personal security questions:

4. Harvesting answers to personal questions

Now that they have your information, they sign off with this message:

5. closing out

And finally,  you are redirected to your bank’s legitimate login page:

6. Royal Bank real
This is called a phishing scam. As you can see, the fraudsters are trying to deceive you into giving them your banking details… and then get full access to your account until you realize your funds are drained! Unfortunately, as this was your fault, it is unlikely that you will get your money back.

How do I avoid becoming a victim?
1. Remember- The companies you deal with, be it your phone company, Costco, credit card company, etc. will NEVER issue you a credit by e-transfer. They will simply credit your account or send a cheque in the mail. NEVER enter your login details from a link of an unknown sender.
2. With the COVID 19 orders to stay home, fraudsters know more people will be watching Netflix and other streaming services. We have seen phishing attacks pretending to be these providers.
3. Always check the website address if you’re given a link to click on. Sometimes, a fraudster will try to replicate an address by changing just one letter.
4. If you receive a text about an e-transfer you didn’t expect, it is a good idea to check with the sender first to make sure it is legit. Look up the phone number or contact yourself and don’t rely on the number that was texted to you.