Dec 12, 2024

phish sms wealthsimple

There is an ongoing phishing campaign spoofing WealthSimple, a Canadian online investment company. We received a fraudulent SMS message purporting to be from WealthSimple stating that there had been a security incident regarding our account and that we needed to visit a website to secure our account.

The website verifymyweaithsimpie[.]com contains the letter "i" where there should be an "l" which makes it look like the proper spelling of "wealthsimple" but it is in fact a phishing website. Visiting the site displays a fake login page. Any user credentials entered into the fake website will be stolen by the attackers. 

WealthSimple has tips on avoiding these types of scams here.

IOCs

verifymyweaithsimpie[.]com
91.202.233[.]231

Oct 11, 2024

phish sms interac

Carbon Rebate Lure used in Phishing Campaign

We received a fraudulent SMS message purporting to be an INTERAC transfer related to the Canada Carbon Rebate. The domain contains the term "securedeposit" but ends in the notorious domain suffix ".cdf" which should help users determine that this is a scam. 

CRA has some resources available to help identify these types of messages.

IOCs

securedeposit[.]cfd
45.134.37[.]86

Aug 28, 2024

phish sms canadapost

Canada Post is an ongoing target for phishing operations. In this case, the SMS message states that the recipient's package is being held. The domain used contains the text "canadapost" in order to appear legitimate. The URL in the SMS is not hyperlinked by default, so the message encourages recipients to respond with a "Y" in order to make the link clickable. Clicking the link takes the visitor to a fake website where they are prompted to enter their information. 

Canada Post has some resources available to help identify these types of messages.

IOCs

canadapost-postewcanada[.]top

107.172.201[.]26