Phishing Attacks Impersonating Canadian Banks Work So Well, the Campaign Has Been Running for Two Years

As part of a massive ongoing phishing campaign, the same group of attackers leverage hundreds of lookalike phishing websites to steal from unsuspecting banking customers. Security researchers at CheckPoint have uncovered a two-year phishing campaign targeting customers of Canadian banks. Emails sent under the guise that banking users need to activate a digital certificate as part of their “online enrollment” appear to be enough of a ruse to cause their victims to click on the bogus PDF attachments.

Users are taken to look-alike logon pages, are prompted to provide their ID and password, and then are asked to provide the two-factor authentication sent to their mobile.


The scam here is that while the user is waiting for the supposed text to come in, the bad guys are logging into the victims accounts and transferring money.

While this attack focuses on consumers, the methods used can easily be leveraged to steal credentials for business-related websites. The use of actual two-factor authentication can minimize the chances of a successful attack, although there have been instances where two-factor authentication logon requests have been successfully bypassed.

So, it’s important to also arm your users with Security Awareness Training so they understand the methods used to attempt to trick them into providing credentials and, potentially, putting your organization at risk.

Can Your MFA Solution Be Hacked?

48% of cybersecurity breaches are NOT preventable by strong multi-factor authentication. While MFA can decrease your cybersecurity risk, all MFA mechanisms can be hacked. KnowBe4’s Multi-Factor Authentication Security Assessment (MASA)  is a complimentary IT security tool that helps you gauge your organization's MFA security readiness and identifies your specific risks so you can better defend against MFA hacks.

mfa-security-assessment-reportHere's how MASA works:

  •  You will receive a custom link to take your assessment 
  • Answer a series of technology questions relevant to your MFA solution 
  • Get an instant high-level snapshot of potential risks with your MFA
  • Receive your in-depth report packed with actionable insight and detailed analysis on specific MFA attacks and tips for your top defenses 


Find out how hackable your MFA is now so you can take action to better protect your users and organization!!

Assess My MFA Solution Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews