CIBC "secure message" email. Legit?

You’ve received a secure message from CIBC [...]

lol these fraudsters are getting more clever huh.

Cheapo-Findo wrote: ↑ You’ve received a secure message from CIBC [...]

lol these fraudsters are getting more clever huh.

the [...] was my edit. I didn't bother pasting what it replaced, but here it is anyway: The French version follows/La version française suivra

We're sending you this email to let you know that you've received a secure message from CIBC. We're using secure messaging because it's the safest way for us to send you confidential information and documents.

If you weren’t expecting this email, contact the sender and delete this message without sharing it with anyone else.

I do have a CIBC chequing account and recently had my Capital One Costco card ported over. I spent 90 minutes on hold with CIBC last week trying to set up the new card for auto payment, but got disconnected.

Weren't you involved in some porn scandal email recently?

Unless you are expecting a secure email from CIBC, then it is a scam/phish.

I recently used cibc's secure email but I was on the call with cibc mortgage and they sent the email while talking to them

You do have to register for another account to use CIBC / Simplii Secure Messaging. However, if you weren't expecting any messages just delete the email.

It looks like what I received after setting up the auto payment service on my CIBC Costco card over the phone a couple of days ago.

Unfortunate that it doesn't just appear in the secure messages of their Online Banking.

kjc wrote: ↑ It looks like what I received after setting up the auto payment service on my CIBC Costco card over the phone a couple of days ago.

Unfortunate that it doesn't just appear in the secure messages of their Online Banking.

Ok that’s reassuring. Like I said I called up for the exact same reason but got cut off before it was finalized. This totally looks like a phishing scam other than the actual CIBC URL link in the email, and your response is another clue that this might actually be legit. Did you follow through with filling it out or did you delete it?

I went through the registration and was able to see the CIBC agreement with part of my card number and the bank account I authorized with them for the service.

I was advised during the call to expect this email from them.

Scam, it looks to be a scam, delete it

I got similar messages when transferring RESP's and TFSA's. CIBC is forcing their FA's to use that system for all e-mails no matter how inane. I told them if they couldn't communicate through normal e-mail then the deal was off and they started communicating normally. I believe the idea is that it allows for the encryption of confidential attachments when you get to that point, but I already do that myself and had no desire to set up a new login.

Sigh. No wonder that people fall for email phishing scams, when even legitimate emails from real banks fail all the phishing email smell tests.

Clacker wrote: ↑ I got similar messages when transferring RESP's and TFSA's. CIBC is forcing their FA's to use that system for all e-mails no matter how inane. I told them if they couldn't communicate through normal e-mail then the deal was off and they started communicating normally. I believe the idea is that it allows for the encryption of confidential attachments when you get to that point, but I already do that myself and had no desire to set up a new login.

All my direct communication from CIBC comes this way. You have to login to see the message. PIA.

Yup, have gotten similar secure message email but only after I expected it as was on phone with rep.

More then likely it is valid as you mentioned setting up cc.

There's many website checkers online so perhaps try a few of those.

I don't understand how banks cannot send this information inside your inbox when you login into their website.
It's unbelievable they send emails with links in 2022.

Call CIBC and ask them if they actually sent the secure message.

Kiraly wrote: ↑ I just got an email purportedly from CIBC.

You’ve received a secure message from CIBC [...]
If you weren’t expecting this email, contact the sender and delete this message without sharing it with anyone else.

To use secure messaging:

Open your secure message by selecting the “My secure message” link at the end of this email. If the message doesn’t appear right away, wait a couple minutes and try again.
If you haven’t already done so, register and set up a password. You’ll need to remember this password to use secure messaging in the future.
Use the “Reply” button in the secure message to respond.
If you’d like to keep a copy of your secure message, make sure you print or save it. You’ll only be able to access the link in this email for the next 60 days.


I thought this looked like a scam so I logged in to my CIBC online banking, and sure enough no message appeared there.

But the link at the bottom of the email did go to CIBC, so I tried clicking on it. It goes to a page that looks like below. I didn't fill it out.

Is this for real? If so, this has to be one of the biggest failures I have seen on the part of a bank to try to communicate with me. It fails all of the phishing scam smell tests.


Screen Shot 2022-03-16 at 7.32.33 AM.png

I don't deal with CIBC (beyond having a credit card with them) so I don't know how their secure messaging/document system works but I've dealt with certain institutions that do send secure/private documents using the method that you've outlined. TD has done this with me either via TD Wealth, TD Direct Investing, or TD Canada Trust but these happened when I was expecting the secure/private document and I don't remember the exact sequence but clicking on the link, automatically texted my US cellphone where I needed to enter the code on the computer screen to download/view the document on their server. SunLife also had something similar when I dealt with them and they wanted to send me a secure document.

I work in IT and without seeing the exact message (on a computer) as well as the email header information, it is difficult to tell whether it is a scam/phishing. That being said, the screenshot that you attached seems to only be creating an account on a system where you are only revealing your name is linked to the email address so as long as you aren't in the habit or re-using passwords, they aren't getting any confidential information.

MoneyHypeMike wrote: ↑ I don't understand how banks cannot send this information inside your inbox when you login into their website.
It's unbelievable they send emails with links in 2022.

If they are sending documents, they often times can't do this. For example, TD Canada Trust's EasyWeb Inbox system doesn't allow them or you to send attachments.

I've had TD use some sort of secure document system to send documents for me to read and digitally sign.

lmcjipo wrote: ↑ If they are sending documents, they often times can't do this. For example, TD Canada Trust's EasyWeb Inbox system doesn't allow them or you to send attachments.

I've had TD use some sort of secure document system to send documents for me to read and digitally sign.

I understand, but the initial email where you click the link could be in your inbox. This way you know it's a legit communication from the bank.

lmcjipo wrote: ↑ If they are sending documents, they often times can't do this. For example, TD Canada Trust's EasyWeb Inbox system doesn't allow them or you to send attachments.

I've had TD use some sort of secure document system to send documents for me to read and digitally sign.

Yep, exactly this. The banks can't justify the expense involved to add attachment capability to their website/app messaging so they use a third-party solution to handle these cases.

If OP is expecting the message and the link in their email goes to a subdomain of CIBC.com – like https://secure-email.cibc.com/ – it's legit.

Just make sure that ".cibc.com" is the last thing before that first slash after the "https://". Anything like "cibc.com.spoof.com" or "www-cibc.com" would be much more questionable.