BDC 

Safe use of BDC Connex

BDC offers its clients services via the BDC Connex Web site (http://www.connex.bdc.ca/), access to which is protected by a user name and password. BDC is committed to ensuring the security of this service, in order to fully protect the personal information of its clients.

BDC would like to alert you to a technique used by scammers to try and obtain company or personal information. While BDC has not yet been the target of such a scam - called "phishing" - we nonetheless want to warn you about this fraudulent practice.

Beware of scams!
Here is how phishing usually works:
  • You receive an e-mail that seems to come from BDC.
  • The e-mail address, moreover, appears to be valid (it includes the word "bdc").
  • The subject of the e-mail concerns your account.
  • The e-mail may include the BDC logo, as well as a hyperlink to seemingly connect you to the BDC Connex Web site.
  • The e-mail invites you to access the BDC site for a specific reason (for example, to keep your account active, to benefit from a special offer, etc.).
Note that in reality, BDC accounts will not expire by a given date due to inactivity, nor do we send out special financing offers via e-mail. By clicking on the hyperlink found in such an e-mail, you may very well fall into the phisher's trap! The scammer will have ensured that his site is decked out in the BDC colours, includes our logo, etc.

Falling into the trap
  • Contrary to what the hyperlink included in the scammer's e-mail seems to indicate, you will not actually be redirected to the BDC Connex web site (www.connex.bdc.ca), but rather, to the phisher's site.
  • Once you enter your user name and password on the phisher's site, he can then save these for his own fraudulent use. Note that since the scammer has no details about your BDC account, he will then display an error page alluding to a technical error. You will most likely not suspect a thing. With your user name and password in hand, the phisher can then go to the real BDC Connex site, enter your access codes and access your account… in your name.
BDC, like all other financial institutions, cannot protect you from such traps, as we have no way of preventing scammers from directly contacting you.

Avoiding the trap
Here are some safeguards to bear in mind with regard to your BDC Connex account:
  1. If you receive an e-mail that appears to come from BDC asking you to immediately access your account, do not reply to the message and do not click on the enclosed hyperlink. You should be highly suspicious of any e-mail asking you go to the BDC Connex site and access your account. Should such a situation occur, send the questionable message to (include your area code and telephone number if you want us to call you back) or call 1‑877 232-2269 to notify us and check whether the e-mail in question was actually sent by BDC.
  2. Never send personal or banking information via e-mail, which is not a secure means of communication. BDC offers special Web forms for this purpose (at www.bdc.ca and http://www.connex.bdc.ca/). These forms protect the enclosed information through use of a 128-bit encryption feature.
  3. Make sure to install and update antivirus software, as well as a firewall, to protect your computer from viruses, worms and spyware.
  4. E-mail attachments are often used by scammers to access your computer. These will often seem to come from people that you know, as hackers will ferret out the names and e-mail addresses of friends and family members to send you e-mails that will not set off any warning bells.
  5. Please report any phishing attempts to BDC, as this will help us thwart scammers' attempts to access personal information. You can easily report any scams by forwarding messages received to the following address: .
  6. If you believe that others may know your password, we recommend that you change it. You can do this on the BDC Connex Web site, by first clicking on "My Account" then on "Change my password". Frequently changing your password is an excellent security measure. Don't forget to choose a password that others will be unable to "guess".
BDC client communications
BDC's communications are, for the most part, done via letter or telephone. The only e-mail BDC may send you with regard to your BDC Connex account is an initial message, subsequent to your request for online account activation, to provide you with a temporary password. You can then choose to receive your password by telephone or e-mail (this e-mail would not, however, include your access code).

For more information on phishing, we invite you to read these articles:

In English:

Federal Trade Commission for the Consumer, FTC Consumer Alert - "How not to get hooked by a 'phishing' scam", June 2004
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

Matt Hines, "Caught in a phishing trap", CNET News.com, November 17, 2004
http://news.com.com/Caught+in+a+phishing+trap/2100-1029_3-5453203.html

Russell Kay, "Phishing", Computerworld, January 19, 2004
http://www.computerworld.com/securitytopics/security/story/0,10801,89096,00.html

In French:

"Ne mordez pas à l'hameçon"
http://www.infometre.cefrio.qc.ca/loupe/sistech/1104.asp#4

Radio-Canada, "Attention aux faussaires !", Enjeux, November 2004 (feature story, available online free of charge)
http://radio-canada.ca/actualite/v2/enjeux/niveau2_1072.shtml

Visa Canada, "Un rapport révèle que l'hameçonnage s'accroît à un rythme alarmant", press release, November 3, 2004
http://www.visa.ca/fr/about/mc_article.cfm?pid=45