Phishing, Vishing, Video Scams — and the Rogers Circular Hack: How Modern Cybercriminals Are Outsmarting Businesses
- hello373474
- 14 hours ago
- 5 min read
It starts with a simple phone call.
A busy professional, deep in project work, picks up what looks like a legitimate call from their telecom provider. The display name looks correct—almost. The caller politely asks them to “confirm their SIM authentication code.” It sounds routine, so they do.
Moments later, their phone loses service.
By the time they check with the official telecom company, attackers have already hijacked the account, hidden security alerts with email filters, and are attempting to place over $1,000 in fraudulent orders through linked apps and payment services.
This is a real-world scenario inspired by techniques that are happening right now. Let’s look at how these attacks are developing — and what businesses should do about it.
The New Wave: Phishing, Vishing, and Visual Vishing
What’s the Difference Between Phishing, Vishing, and Video Scams?
Type | What It Is | Example |
Phishing | Fake emails or texts pretending to be trusted institutions. | A spoofed Microsoft 365 message asking employees to “reset their password.” |
Vishing | Voice phishing — scammers calling victims directly. | A caller impersonating your telecom provider or bank, requesting codes or credentials. |
Video Scams | Deepfake or pre-recorded video messages to gain trust or urgency. | A “CEO” video message asking accounting to approve a wire transfer. |
Real-life Business Cases (U.S. & Canada)
Payroll Pirates (U.S. & Canada) – In this growing scam, hackers impersonate company executives and email HR or payroll teams requesting “urgent” changes to direct deposit accounts. Once processed, employees’ paychecks are rerouted to fraudulent accounts. According to the FBI, payroll diversion scams have cost U.S. businesses over $100 million annually.
Rogers SIM Swap Fraud (Canada) – Several Canadians have fallen victim to SIM-swap scams where fraudsters impersonate telecom employees, transferring a victim’s phone number to their device. Victims temporarily lose access to accounts secured by SMS, giving hackers a window to break in.
Deepfake CEO Video Scams (Global) – A multinational firm recently lost over $25 million when fraudsters used AI to deepfake their CEO’s voice and face during a live video call, convincing the finance team to wire funds.
Phony IT Support (North America) – Businesses receive calls or pop-ups claiming to be from Microsoft or Apple Support. Once remote access is granted, attackers install malware or extract sensitive data.
Important Canadian note — why Rogers customers should be extra cautious
If your business or employees use Rogers (or Rogers-hosted/Yahoo mail), be aware this is a real and ongoing risk vector.
If your business or employees use Rogers (or Rogers-owned Yahoo Mail), be aware this is a real and ongoing risk vector.
Rogers email accounts have historically relied on phone-based recovery and SMS flows, which can make them vulnerable if an attacker first gains control of your phone number or SIM. Rogers does offer steps to enable a wireless recovery number and SMS verification, but SMS-based recovery is inherently vulnerable to SIM-swap/port attacks.
A determined attacker can add a bogus device or phone number to your Rogers account (a SIM swap or port) and — in some reported incidents — do it without the customer receiving a clear alert in time. That allows them to intercept SMS messages and phone-based MFA. Rogers documents port fraud and SIM swap as known threats and provides guidance on how to report them.
Because attackers can also change email settings (filters, forwarding), security alerts can be hidden from you. Yahoo/Rogers support pages and community reports show attackers often modify mailbox settings so alerts are buried or forwarded elsewhere — so you might not see emails warning you about suspicious activity.
This becomes circular and highly dangerous: if your email uses the same phone/SMS path for recovery, and that phone/SMS is compromised, attackers can re-route recovery and confirmation tokens back to themselves. In short — if a hacker gets your phone/SIM and your Rogers email is protected only by phone-based recovery, they can escalate access quickly. (This pattern is visible across multiple SIM-swap and telecom-related cases reported in Canada and internationally.)
Immediate Steps if You Suspect a Rogers Account or Phone is Compromised
Don’t call Rogers from the hacked phone. If your phone is out of service or controlled by attackers you can’t trust calling from it. Use a different phone or device to contact Rogers. Rogers’ customer support and reporting pages list phone numbers and live chat options — using live chat from a secure device is often faster than waiting on hold.
Contact Rogers support (official):
Rogers general contact / support page (has chat and phone options (rogers.com>signin>chatbox and ask to chat with a Specialist).
Rogers Customer Care phone: 1-888-764-3771 (report spam or suspected fraud).
Report to national authorities and cyber incident responders right away:
Canadian Anti-Fraud Centre (CAFC) — report fraud and get guidance: 1-888-495-8501 / online reporting.
Canadian Centre for Cyber Security / Cyber Centre — general inquiries and reporting: 1-833-CYBER-88 (1-833-292-3788), contact@cyber.gc.ca. Use these channels for serious incidents affecting business infrastructure.
RCMP / National Cybercrime Coordination Centre (NC3) for cybercrime coordination and reporting (they work with CAFC/other units on large incidents).
If Rogers sends a new SIM confirmation to your (possibly hacked) Rogers email, don’t rely on that channel. Instead, ask Rogers to communicate by an alternate verified email or request in-person verification at a store (but note store staff may have script limits — escalate to a specialist via chat or escalation lines).
Use a separate, more secure email for account recovery and MFA. Create an email protected with app-based or hardware MFA (not SMS) to serve as your recovery/administrative contact for critical services. If possible, don’t use your telecom provider’s email as your primary administrative recovery address.
Preserve evidence & report to police. Contact local police and provide timelines, call logs, screenshots, and any suspicious emails. For large or business incidents, involve NC3/RCMP cyber units and CAFC as described above. (CAFC): 1-888-495-8501 (report fraud).
Practical protections Hawki IT recommends for businesses
Move critical admin accounts (domain admin, MFA-recovery emails, payroll admin) off SMS recovery and onto authenticator apps or hardware keys.
Enforce out-of-band verification and dual approval for payroll and financial changes — don’t accept a single phone call or email to change direct-deposit details.
Regularly audit mailbox forwarding rules and recovery addresses for all corporate accounts.
Set up account takeover monitoring and rapid incident playbooks with your IT provider (Hawki IT can provide this).
SUMMARY
Phishing, vishing, and deepfake/video scams are increasingly sophisticated and target businesses as well as individuals. The risk is not theoretical — it’s happening now. Hawki IT helps businesses across Canada and the U.S. build layered defenses, secure communications, and educate teams to spot sophisticated scams before they cause major damage.
Contact Hawki IT for a complimentary IT strategy consultation:
Website: www.hawkiit.com
Phone: 1-888-429-5448
Email: sales@hawkiit.com
