Telus warns of email phishing scam

Telus is warning B.C. and Alberta residents to be on the lookout for a new email scam designed to get at your personal information.

Telus is warning B.C. and Alberta residents to be on the lookout for a new email scam designed to get at your personal information.

Telus spokesman Shawn Hall said there has been a huge surge in emails from scammers purporting to be from Telus, trying to trick customers out of secure information and their Telus account login details.

"What really concerns us about this one is we've really seen a dramatic increase in its volume," he said.

The emails are typical of phishing scams, where criminals send emails that appear to be from a trusted source in order to trick people into releasing personal information, including online banking names and passwords.

"In one case, they're asking for you to upgrade to a new security system, in another case to verify your account," he said.

"If you return that information, they're going to cull it and use it probably for identity theft purposes. If you come across this type of information, simply delete it."

Hall said the emails are fraudulent and are not from Telus. He said the company has intercepted or responded to hundreds of these email scams in the last week.

He said it appears to be the work of a sophisticated offshore operation.

"The common thread in every account is they're asking you to return with personal information," he said.

"In this particular case, we have been blocking the emails the scam is coming from. They are moving, though, and sending the scam from new email addresses."

Scams like this are common, Hall said, and fraudsters regularly rotate between different regions of the world, change the names of legitimate and well-known companies they claim to represent and alter details in an effort to appear legitimate.

Hall advised consumers to be cautious any time they receive a phone call or email asking for personal information. A key indication the email or phone call is fraudulent, he said, is requests for personal information the legitimate company would already have and should not need to request, such as user name or account details.