https://wp.rac.ca/rac-alias-email-address-targeted-by-scammer
We have been informed that a small number of @rac.ca alias users have received threatening scam/ransomware emails apparently both sent from their @rac.ca address and sent to their @rac.ca address.
All of the individuals who have contacted us recognized the email as being a scam and several have forwarded a copy to us so that we can alert our members. If you receive one of these emails, the simplest thing to do is to ignore it and delete the email: receiving the email and then deleting it should not cause any problems.
The scammer claims to have a password to the @rac.ca account, provides the supposed password and relies on people not remembering what the password is. In reality, the @rac.ca address is an alias and is not a true email account so it is impossible to send email from it. Its main functions are as follows:
to provide you with an opportunity to show other Amateurs that you are a member of Radio Amateurs of Canada
to provide you with an email address which is easily remembered by other Amateurs because it is based on your call sign
to enable others to email you without making your personal email address public
This scam has been around for a while and it was described in a Global News video on July 25, 2018 called “Don’t be fooled by the password email scam”, which can be found online at the following link: https://globalnews.ca/news/4353447/dont-be-fooled-by-the-password-email-scam/
Identifying the scam attempt on the <callsign>@rac.ca address is made easier by the fact that not only is there no such email account, with the exception of a very few of the first aliases created when the system was introduced, there are also no passwords associated with the addresses.
Emails sent to a <callsign>@rac.ca address are forwarded by our computer system to the private email account of the RAC member using this service, which is provided by them when they register for this service. Further information on the RAC email alias system can be found on our website at https://wp.rac.ca/cybersecurity/.
RAC’s Cybersecurity Efforts
To date, there have been no direct successful attacks on the RAC computer system or the RAC email alias system. Unfortunately attempts to defraud people through email messages and phone calls are a part of the world we live in today. We will continue to take measures to ensure that our computer system is as safe as possible and that our members are provided with information.
Radio Amateurs of Canada is continuing to increase our cybersecurity. We do not keep any financial information and only widely available personal information (such as name, call sign and dates relating to current membership) is available in our system so our risks are considerably less than compared to commercial systems.
We continue to stay abreast of any changes in cyberthreats and their responses. We are also planning on making available to members the use of security systems you may already be aware of in other systems – such as providing for the use of complex passwords (requiring at least eight characters, capital letters, numbers and special characters) as well as Two-Factor Authentication to log in to our website. We will provide additional information on security updates on the RAC cybersecurity webpage as they are made.
Tips on Avoiding Email Scams
Here are a few tips on how to avoid email scams:
Filter spam.
Don’t trust unsolicited email.
Treat email attachments with caution.
Don’t click links in email messages unless you are confident you know who the sender is.
Install antivirus software and keep it up to date.
Install a personal firewall and keep it up to date.
Configure your email client for security.
In closing, any email claiming to have your @rac.ca address and password is a scam and should be deleted. For further information on identifying and dealing with malicious emails please visit https://wp.rac.ca/cybersecurity/
Glenn MacDonell, VE3XRA
RAC President