NIEF Contracting

New Scam – Tim Hortons Gift Card Scam

How to Identify Spam and Phishing Messages
Protect yourself and your organization from cyber threats.

Cybercriminals use deceptive tactics to trick individuals into revealing sensitive information or clicking malicious links. Understanding how to recognize spam messages is a critical step in safeguarding your data.

Below are three common indicators of a fraudulent message, illustrated with examples:

1. Look Closely at the Web Address (Fig. 1)

Example: The message links to timhorton.ca instead of the official TimHortons.ca

Why this matters:
Fraudulent messages often use domains that closely resemble legitimate ones to mislead recipients. Even small differences in spelling or domain extensions (e.g., .ca instead of .com) can indicate a scam.

Best Practice:
Before clicking, verify that the URL matches the company’s official website. When in doubt, access the site by typing the address manually into your browser.

2. Generic Greetings Instead of Your Name (Fig. 2)

Example: The email begins with “Hi [YourEmail]” rather than addressing you by your actual name.

Why this matters:
Reputable companies generally personalize their communications. A generic greeting or use of your email address instead of your name may suggest the message was part of a mass phishing attempt.

Best Practice:
Treat messages that do not include your name or other personalized details with caution.

3. Link Redirects to an Unrelated or Foreign Site (Fig. 3)

Example: Clicking a link in the message redirects you to a German business website.

Why this matters:
Legitimate companies do not route traffic through unrelated or foreign domains. A redirect to a suspicious or irrelevant site is a strong indication of malicious intent.

Best Practice:
Hover over links before clicking to confirm the actual destination. If it looks unfamiliar or unrelated to the sender, do not proceed.

What You Should Do

  • Do not click suspicious links or download unexpected attachments.
  • Report suspicious emails to us if you have an account with us, or to the RCMP if you think they have gotten information from you.
  • Contact the company directly using a verified phone number or official website.
  • Delete the email if it appears fraudulent.

Stay vigilant. Think before you click.
A moment of caution can prevent significant risk.

nief_rhd6h9

, ,

Leave a Reply

Your email address will not be published. Required fields are marked *