Phishing Attacks Impersonating Canadian Banks Work So Well, the Campaign Has Been Running for Two Years

Stu Sjouwerman | Jan 10, 2020

As part of a massive ongoing phishing campaign, the same group of attackers leverages hundreds of lookalike phishing websites to steal from unsuspecting banking customers. Security researchers at Check Point have uncovered a two-year phishing campaign targeting customers of Canadian banks. Emails claiming that banking users need to activate a digital certificate as part of their “online enrollment” appear to be enough of a ruse to get victims to click on the bogus PDF attachments.

Users are taken to lookalike logon pages, prompted to provide their ID and password, and then asked to provide the two-factor authentication code sent to their mobile.


The scam here is that while the user is waiting for the supposed text to come in, the bad guys are logging into the victim's accounts and transferring money.

While this attack focuses on consumers, the methods used can easily be leveraged to steal credentials for business-related websites. The use of actual two-factor authentication can minimize the chances of a successful attack, although there have been instances where two-factor authentication logon requests have been successfully bypassed.

So, it’s important to also arm your users with Security Awareness Training so they understand the methods used to attempt to trick them into providing credentials and, potentially, putting your organization at risk.
