I was going through my junk mail folder and I came across an email from CIBC whose subject line is in French. French-language spam is pretty rare, so I tend to give it a second look.
Turns out it’s a legitimate CIBC email (they have a copy of it on their website) having something to do with their VISA card.
And just like the Chapters email I got last month (their email provider promised to get back to me “ASAP” but I never heard from them again), it’s something I never asked for, sent to an address that gets just about nothing but spam, from a company I’ve never done business with in my entire life. Neither I nor anyone in my family does banking with CIBC, and I have no idea how they would have my email address.
Like I did with Chapters, I checked their unsubscribe process. The link sends me to this web page which asks for, among other things, my name, phone number and last four digits of my CIBC VISA credit card. All fields are, of course, required.
There’s a few problems with this:
- The URL for this page starts with www.email.cibccards.com. Sounds kinda phishy to me.
- The fact that they ask for part of my credit card number based on an unsolicited email makes this even more worrisome. It’s encouraging bad habits and horrible security practices.
- Why is anything beyond my email address needed to unsubscribe from a mailing list?
- I don’t have a CIBC VISA credit card number because I’m not a CIBC customer! Since they require information from me that simply doesn’t exist, I can only conclude that it is impossible for me to unsubscribe from this mailing list.
Considering that this message seems to clearly violate CIBC’s own anti-phishing policy, as well as being outright spam, I’ve sent them an email asking for an explanation. I’ll update this post if they provide one.
I’ve copied the email to Komunik, makers of Konversation, the CIBC’s email marketing provider, demanding to know how they don’t consider this spam.