Canadian Banks Spoofed

Researchers have discovered a two-year phishing and spoofing (disguising a communication as being from a known, trusted source) campaign targeting customers of Canadian banks.

Fourteen banks in total were spoofed in a operation that involved multiple look-alike domains. The attack started with legitimate-looking emails containing a PDF attachment. The document informed the victims that they had to renew their digital certificate to use online banking. All of the URLs in the documents led to a phishing page asking for banking credentials.

Convincing emails, look-alike sites of popular banks and tailor-made documents enabled attackers to lead a large-scale operations for two years. Users should be aware that anyone can create a spoofed website and get a legitimate certificate for it.

Author image

About Ariadna Pawluk

Cybersecurity enthusiast, hunting all the freshest news, insights and tidbits.

Support Ends for Windows 7

From January 14, 2020 Microsoft will no longer offer free updates, patches and technical support for their Windows 7 and Windows Server 2008/R2.