RBC / Apple Pay Phish

Apr 03, 2024
phish sms rbc apple


We recently received an RBC / Apple Pay phish that directed recipients to a spoofed RBC login page. The SMS claimed that Apple Pay had been added to "Andrew's IPhone" and encouraged recipients to click the phishing link if this information was incorrect. The phishing hostname uses the subdomain "rbc-online-banking" under the domain data-en[.]fr in an attempt to appear legitimate.
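The hostname pattern described above (a brand keyword in the subdomain of a domain the brand does not own) can be checked for in proxy, DNS or SMS-gateway logs. The following is an added detection sketch, not part of the original post; the brand allowlist, the short multi-label suffix set and the function names are assumptions, and a production version should use the full Public Suffix List.

```python
import re

# Assumption: domains the brand actually operates; build this from your own inventory.
BRAND_DOMAINS = {"rbc": {"rbc.com", "rbcroyalbank.com"}}
# Assumption: tiny stand-in for the Public Suffix List (multi-label suffixes only).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def refang(value):
    """Undo common defanging ([.], hxxp) and strip scheme, path and port."""
    host = value.strip().lower().replace("[.]", ".").replace("(.)", ".")
    host = re.sub(r"^(hxxps?|https?)://", "", host)
    return host.split("/")[0].split(":")[0].rstrip(".")


def registrable_domain(host):
    """Return the registrable domain using the small suffix set above."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_in_subdomain(value):
    """Return (brand, registrable_domain) when a brand token appears in the
    subdomain labels of a domain the brand does not own, otherwise None."""
    host = refang(value)
    reg = registrable_domain(host)
    sub = host[: -len(reg)].rstrip(".") if reg else ""
    # Split on label and word separators so "rbc-online-banking" yields "rbc".
    tokens = set(re.split(r"[.\-_]", sub))
    for brand, owned in BRAND_DOMAINS.items():
        if brand in tokens and reg not in owned:
            return brand, reg
    return None


if __name__ == "__main__":
    # First entry is the IOC from this post; the rest are constructed samples.
    samples = [
        "rbc-online-banking.data-en[.]fr",
        "data-en[.]fr",
        "www.rbcroyalbank.com",
        "hxxps://rbc.secure-login.example.co.uk/verify",
    ]
    for s in samples:
        print(f"{s:50} -> {brand_in_subdomain(s)}")
```

Matching is token-based, so a hostname that fuses the brand into a longer word (for example "rbconline") is not flagged; add substring or edit-distance checks if that coverage is needed.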

IOCs

rbc-online-banking.data-en[.]fr

data-en[.]fr

172.64.80.1 (Cloudflare)
