Canadian banks hit by two-year domain name spoofing scam

Canadian banks have been the target for an under-the-radar long-term attack by Ukrainian hackers, who registered more than 300 spoof domain names in an attempt to dupe customers into revealing their account codes at bogus Web sites.

Uncovered by CheckPoint, the attack starts by sending legitimate-looking e-mails containing a PDF attachment to multiple organizations and victims from Canada.

The PDF attachment uses the bank’s logo, as well as an authorisation code that the victim supposedly needs to renew their digital certificate.

When the victim clicks on any of the URLs which appear in the document, they are led to a phishing page asking them to enter their online credentials.

“Looking into the detected artifacts revealed an ongoing phishing attack that has been going after customers of Canadian banks for at least two years,” says CheckPoint. “By sending highly convincing e-mails to their targets, constantly registering look-alike domains for popular banking services in Canada and crafting tailor-made documents, the attackers behind this were able to run a large-scale operation and remain under the radar for a long time.”