PHISHCA

PHISHCA
Cybercriminals routinely target Canadians with phishing lures -- often via text messages (also known as "smishing") -- impersonating financial institutions, government entities, telecommunications and other companies. Their goal is to steal banking or credit card data as well as other personal identification information in order to perpetrate fraud or sell this data to other fraudsters. PHISHCA identifies and analyzes phishing threats targeting Canadians.
Victim of fraud? Report it to the Canadian Anti-fraud Centre!

Report suspicious text messages to 7726, visit Get Cyber Safe

Cybercriminals routinely target Canadians with phishing lures -- often via text messages (also known as "smishing") -- impersonating financial institutions, government entities, telecommunications and other companies. Their goal is to steal banking or credit card data as well as other personal identification information in order to perpetrate fraud or sell this data to other fraudsters.

PHISHCA identifies and analyzes phishing threats targeting Canadians.

Victim of fraud? Report it to the Canadian Anti-fraud Centre!

Report suspicious text messages to 7726, visit Get Cyber Safe

BLOG
Continued Phishing Operations Impersonating Canada Post
Aug 28, 2024 phish sms canadapost Canada Post is an ongoing target for phishing operations. In this case, the SMS message states that the recipient's package is being held. The domain used contains the text "canadapost" in order to appear legitimate. The URL in the SMS is not hyperlinked by default, so the message encourages recipients to respond with a "Y" in order to make the link clickable. Clicking the link takes the visitor to a fake website where they are prompted to enter their information. Canada Post has some resources available to help identify these types of messages. IOCs canadapost-postewcanada[.]top 107.172.201[.]26
Fraudsters Impersonate Revenue Canada
Jul 06, 2024 phish sms cra Fraudsters often target seniors and other vulnerable populations for financial scams. In this case, they sent SMS messages pretending to be from Service Canada informing recipients that Canada Pension Plan (CPP) and Old Age Security (OAS) pension payment had been postponed. The message is designed to convey urgency and deceive recipients into responding. The initial SMS message only contained a phone number, but responding with a "Y" resulted in a response from the fraudsters with a fake Revenue Canada website. Clicking the link takes the visitor to a fake website where they are prompted to enter their Social Insurance Number. For more information on these types of scams visit https://www.canada.ca/en/revenue-agency/corporate/scams-fraud/recognize-scam.html IOCs revenue-agency-cpp[.]com 23.254.243[.]123
Netflix Phishing Using "Malware" Lure
May 22, 2024 phish sms netflix Fraudsters use security related themes to generate a sense of urgency in order to convince recipients to enter their login information into fake websites. In this case, an SMS message suggests that "due to a system malware issue" the recipient must login to their Netflix account and update their payment information. The phishing domain used in the case contains a misspelling of Netflix. After clicking the link and solving a Captcha, the user is shown a Netflix phishing page. IOCs paymentupdateneftlix[.]info 185.161.248[.]172

	Phish URL	Date
	https://canadapost-postewcanada.top/c/ca/	2024-08-28
	https://revenue-agency-cpp.com/	2024-07-08
	https://paymentupdateneftlix.info/	2024-05-21