VANCOUVER -- The Better Business Bureau is warning B.C. small businesses about a new phishing scam involving emails that appear to come from Tim Hortons.
The emails, which the BBB of Mainland BC says were first reported by a small business in the province, claim to be coming from Russel Corbat, an IT security manager at Tim Hortons. They claim that one of the coffee chain's servers has been compromised in a DDoS attack and that the recipient's information may have been compromised.
A link in the email claims to provide instructions on how to "delete malicious files" as well as "update the passwords for your website and other critical accounts," according to a news release from the BBB.
Instead, the link is malicious, the BBB said. It downloads hidden software that gives unauthorized access to files and passwords.
Tim Hortons tells the BBB the email is a scam. The company does not have an employee named Russel Corbat, and the email address for the supposed employee does not use the correct domain name. All real Tim Hortons email addresses end in @timhortons.com, not @timhortons.ca, as the phony employee's does.
"Scammers like to ride on the reputation and credibility of recognized and trusted brands to trick consumers into giving up their money and confidential information," said Karla Laird, manager for community and public relations at the BBB of Mainland BC, in the release.
The BBB advises business owners and the general public to be cautious of unsolicited emails and texts, never click on links in emails from strangers and contact a company directly if something it appears to have sent seems suspicious.
Anyone who spots a scam, even if they haven't lost any money, is encouraged to report it on the BBB website.
