
Beware email scams, says BBB


Canadian customers of Best Buy and other large companies are among the growing list whose email addresses have been exposed by a security breach that occurred last week, according to a notice posted by Epsilon, an email marketing provider based in Texas that collects customer data for numerous corporations. BBB warns that these email addresses may be targeted for phishing attacks.

“It’s possible that you may receive phishing email messages as a result,” says Lynda Pasacreta, BBB President and CEO. “The goal of these messages is to lead consumers to believe that a request for information is coming from a legitimate company, particularly one they’ve done business with before, when in reality it’s an attempt to collect information for fraudulent purposes.”

Other U.S.-based companies that are also affected by the security breach include Capital One, Barclays Bank, U.S. Bancorp, Citigroup, Walgreen Co., LL Bean Visa Card, Ritz-Carlton, Home Shopping Network, and Disney Destinations.

“Phishing” or “brand spoofing” scams are emails that appear to be from a legitimate company. Usually the messages advise that your account information needs to be updated or will be shut down unless you reconfirm your billing information, or that you have an order waiting to be verified. Phishers typically include these statements in their emails to get people to react immediately and to click on a link to a phony website to enter in their personal information, often asking for information such as credit card numbers, bank account information, social insurance numbers and passwords that will be used to commit fraud.

BBB advises the public to take these steps to avoid getting lured into a phishing scam:

Be cautious. Treat unsolicited email requests for financial information or other personal data with suspicion. Unsolicited means the email wasn't initiated in response to an action by the consumer. Do not reply to the unsolicited email or respond by clicking on a link within the unsolicited email message.

Verify the message. Contact the actual business that supposedly sent the e-mail to verify if it is genuine. Visit a secure Web site or call a phone number that you know to be legitimate.

Check for security. Only enter personal information on a secure website that you know to be legitimate. Before submitting any information, look for the "padlock" icon on your browser's status bar and check that the address in your browser reads https://. These signal that your information is secure during transactions.

Use up-to-date software. Be sure to update anti-virus software and security patches to system software regularly, and use up-to-date versions of your internet browser. Phishing messages can exploit weaknesses in your browser and initiate a drive-by download of spyware or malware without your knowledge.

Monitor your transactions. Check your monthly statements to verify all transactions. Notify your bank immediately of any erroneous or suspicious transactions.

Report it. In Canada, report any suspicious e-mails to the Canadian Anti-Fraud Centre at 1 (888) 495-8501 or

The Canadian Anti-Fraud Centre also advises watching for these signs that your identity is being used fraudulently:

  • A creditor informs you that an application for credit was received with your name and address, which you did not apply for.
  • Telephone calls or letters state that you have been approved or denied by a creditor that you never applied to.
  • You receive credit card statements or other bills in your name, which you did not apply for.
  • You no longer receive credit card statements or you notice that not all of your mail is delivered.
  • A collection agency informs you they are collecting for a defaulted account established with your identity and you never opened the account.