Phishing for Bell Canada

During the past four weeks or so, about once a week I have received a voice landline call where the caller begins, “Hi, I’m calling from Bell Canada Promotion Department.” The caller ID does not indicate BELL CANADA, that’s your first clue that something is amiss. The second hint (sad to say) is that the caller has an East Indian accent, and the high level of ambient/background noise suggests a low-Q call centre. Your third hint that something is amiss is that when you request a callback number the caller explains that callback isn’t possible.

Given the chance to continue, the caller explains that the call is regarding home phone, internet and TV services.

After collecting as much information as I could on these four calls, and contacting Bell several times, I have concluded that this is an identify theft phishing scam aimed at obtaining personal credentials. The call starts out sounding like it’s an offer to upgrade your Bell service, and provides details such as “home phone, internet and TV services all for just 92 dollars.” The phishing starts when you are asked to provide details to “verify your account.” They may bail out when they have the details they want – or, more likely and more insidiously, the call-centre employee may complete the “transaction.” With the latter M.O., the call centre employee has no reason to doubt that the operation is legitimate, sort of like the fake Apple stores in China.

Bell says that they are aware the scam, and also of similar instances where the caller identifies himself as being from Rogers or Videotron.

My latest call indicated 1 816 311 0245 (MO), but it is likel;y that the caller IDs used by the scammers are fake. Why Bell allows faked-up caller ID numbers (e.g., 0000000000, 0123456789) to enter their network is beyond me.

Bell’s own Fraud Department (1 855 558 2355) is fully aware of these attempts, but explained to me at great length and in great detail why it’s not their job to do anything about it. The Fraud Department exists, they tell me, to protect Bell from fraudsters (and not, as I had hoped, to also assist in protecting their customers from fraudsters). The Fraud Department seems completely unconcerned about the potential (huge, in my opinion) to damage of the Bell brand. [This is despite Bell’s own How to protect yourself from telecom fraud page saying, “If the phishing scam involves the false representation of Bell, email the situation to abuse@bell.ca”.]

Of course, Bell has already rendered significant damage to its own brand by scraping customer traffic from the network and selling mobile subscriber browsing histories and other personal information to advertisers. But that’s another story.