Canadian firms targeted with increasingly sophisticated phishing techniques

TORONTO — Fraudsters have become creative in disguising email that contains dangerous links and attachments and Canadian firms may be falling for the scams more often than those in other countries.

“We’ve seen everything from fake divorce papers to fake medical diagnoses, sometimes not even for the recipient of the email,” Proofpoint senior vice-president Ryan Kalember said in an interview at a Toronto cybersecurity conference.

“Humans are naturally curious creatures. We’re going to fall for that at some rate.”

A recent Proofpoint analysis found nearly 100 criminal cyber campaigns that targeted Canada between Jan. 1 and May 1 this year, in addition to thousands of other generic campaigns that reached Canada through the internet.

One type of malware noted by Proofpoint was DanaBot, which has been used to send out Canada Post-themed lures.

“We’ve seen a couple of campaigns leverage Canada Post branding. And that’s not uncommon. Package-delivery lures are always somewhere in the top five in terms of phishing that works for attackers,” Kalember said.

The danger for people who get such emails is that they may download software that could grab passwords, or send more fraudulent spam messages to reach more victims, or lock out access to system files.

David Masson, the Canada country manager for Darktrace — a cybersecurity firm — agrees that spoofing scams that hijack well-known brands are quite common internationally and Canada’s experience is similar.

But Masson said a Darktrace analysis last year found its Canadian clients were about three times as likely to download malware compared with clients in other countries.

“Which would indicate to me, that people were receiving links, phishing emails, business compromise spoofs — people being tricked … into effecting the attack on themselves. You know, victim-operated attacks,” Masson said.

However, Masson said there is a lack of official statistics on this type of security breach.

A database search done for The Canadian Press by the Canadian Anti-Fraud Centre suggests there’s been a rise in reports of suspected Canada Post-themed scams this year. It found 35 suspected frauds using Canada Post branding over 12 months ended May 1, including 26 in 2019.

The Office of the Privacy Commissioner said in an email that it was aware of this type of email spoofing, but had not heard anything specific to Canada Post and had not “received any recent complaints that relate specifically to this type of breach.”

Kalember said criminals have also used more sophisticated campaigns to target Canadians, using specific information about their targets that has been accumulated through many years of database breaches.

“Every single one of us has our email credentials tied up with all of these huge breaches that we hear about.”

That means hackers have many examples of how companies send internal messages, which people are in a position of authority, and even a record of old passwords that provide clues to new passwords, he said.

“And the longer that somebody has worked at an organization, the more predictable their password is likely to be,” Kalember said.

As a result, that has created a different type of email vulnerability for companies that build their business communications around a cloud-based system such as Microsoft Office 365 or Google Docs.

Once fraudsters have figured out a key person’s password, they can wreak havoc on a company by impersonating a supervisor and instructing a staff member to redirect the payroll or other payments to a different account.

“If a fraud actor can successfully empty that bank account, it can be quite catastrophic. And we’ve seen this quite regularly,” Kalember said.

Kalember said many times the criminal campaigns are unreported, so it’s difficult to quantify their frequency.

“That said, the attackers all measure this extremely carefully and the fact that they’re doing more of it is a clear indication that it is working — at least in some fashion.”

A Canada Post media representative said in an email that “unfortunately, malicious phishing emails circulate from time to time” and pointed to Canadapost.ca for advice on how to detect phishing emails and avoid falling for them.

“When Canada Post makes a delivery attempt, we leave a delivery notice card at your door or in your mailbox. We do not contact you by email unless you have requested it,” the website says.

The postal service also recommends that customers delete suspicious emails containing a link or file and report suspicious email to the Canadian Anti-Fraud Centre or Canada Post customer service.
