| PHISHCA |
|---|
| Cybercriminals routinely target Canadians with phishing lures -- often via text messages (also known as "smishing") -- impersonating financial institutions, government entities, telecommunications and other companies. Their goal is to steal banking or credit card data as well as other personal identification information in order to perpetrate fraud or sell this data to other fraudsters. PHISHCA identifies and analyzes phishing threats targeting Canadians. |
|
|
| BLOG |
|---|
|
Another Canada Post SMS Phishing Campaign |
|
Apr 22, 2024 phish sms canadapost
Canada Post has some resources available to help identify these types of messages. IOCs canadapost-myparcelfinder[.]com 162.0.231[.]155 |
|
RBC / Apple Pay Phish |
|
Apr 03, 2024 phish sms rbc apple
We recently received an RBC / Apple Pay phish that directed recipients to a spoofed RBC login page. The SMS suggested that Apple Pay had been added to "Andrew's IPhone" and encouraged recipients to click the phishing link if this information was incorrect. The subdomain of the domain data-en[.]fr contains "rbc-online-banking" in an attempt to appear legitimate.
IOCs rbc-online-banking.data-en[.]fr data-en[.]fr 172.64.80.1 (Cloudflare) |
|
Netflix SMS Phishing Campaign |
|
Mar 04, 2024 phish sms netflix
|
Fraudsters continue to use fake Canada Post phishing sites to entice users into entering their personal information and credit card details. In this case, the SMS message states that the recipient's package is being held and is at risk of being returned unless the recipient updates their information. The domain used contains the text "canadapost" in order to appear legitimate. When clicking the link, the recipient must first solve a Captcha before being shown the spoofed Canada Post page. 
| Phish URL | Date | |
|---|---|---|
|
https://canadapost-myparcelfinder.com/ | 2024-04-22 |
|
https://rbc-online-banking.data-en.fr/ | 2024-04-03 |
|
https://data-en.fr/ | 2024-04-03 |
|
https://myaccoun1tnetflfixssl.info/ | 2024-02-23 |