PHISHCA
Cybercriminals routinely target Canadians with phishing lures -- often via text messages (also known as "smishing") -- impersonating financial institutions, government entities, telecommunications and other companies. Their goal is to steal banking or credit card data as well as other personal identification information in order to perpetrate fraud or sell this data to other fraudsters.

PHISHCA identifies and analyzes phishing threats targeting Canadians.

BLOG
CRA Tax Assessment

Mar 29, 2025

phish sms cra

SMS phishing campaigns are prevalent during tax season. These campaigns typically direct victims to a phishing page that requests personal information like your Social Insurance Number. A recent campaign purporting to be from "Service Canada" indicated that an error in the previous years tax assessment would result in  a suspension of government benefits. 

This campaign was interesting because the initial message contained a phone number, which is the real phone number for the Canada Revenue Agency (CRA). However, victims were also instructed to reply to the text after which they were sent a phishing URL that displayed a fake CRA login page prompting the  victim to enter a Social Insurance Number.

The CRA has information on these scams here.

IOCs

canadacps[.]com

23.254.230[.]99

 

HST Rebate From the CRA

Feb 22, 2025

phish sms cra interac

SMS Phishing campaigns try to use regionally relevant lures to trick victims into handing over their banking information and/or credentials on the pretense of receiving a transfer of funds. A recent SMS phishing campaign purported to be an HST rebate transfer via Interac from the Canada Revenue Agency. 

IOCs

etransfer8nterac[.]com

176.65.142[.]66

 

Parking Ticket Campaign Spoofing The Government of Ontario

Dec 27, 2024

phish sms ontario parking

Phishing campaigns often use a parking ticket lure to trick users into handing over their payment card information to cybercriminals. These lures can be localised to in order to seem relevant and authentic. A recent SMS phishing campaign spoofed the Government of Ontario. The text of the lure was awkwardly phrased and the domain did not specifically spoof the Government of Ontario but generically referred to parking tickets. Please consult the The Government of Ontario resources on how to identify a fraud or scam here.

IOCs

helpticket-park[.]com

154.216.17[.]149

Phish URL Date
https://canadacps.com/ 2025-03-29
https://etransfer8nterac.com/1oV27fWi/oRBfUIil/vsY4GHiX.php 2025-02-22
http://helpticket-park.com/OJfy5qLu/go/start.php 2024-12-27