
Phishing scam poses as Canadian tax agency before Canada Day

by flyytech
September 26, 2022


The lead-up to the Canada Day festivities has brought a tax scam with it

UPDATE (August 12, 2022): This article was updated to add information about a new phishing email.

 

Even though the deadline to file taxes in Canada already passed on May 2nd, 2022, some people may have filed late or are still expecting their refund. Perhaps that’s why I received a phishing email yesterday purporting to come from the Canada Revenue Agency (CRA) and promising a refund of nearly CAD$500:

Figure 1. A phishing email offering a refund from the CRA

Aside from the blunder of using guidovedebe@skynet.be as the From: address of the email, this is not how the CRA communicates. If you are using a My Service Canada Account, you should expect to receive a notification that looks like this:

Figure 2. An example of legitimate correspondence from the CRA

Understanding how phishers abuse links in emails, the CRA has taken the wise strategy of not providing links in official correspondence and instead instructing clients to navigate on their own to the official website.

If, however, you do click on the “Interac e-Transfer Autodeposit” button, you are redirected from a malicious link hosted on istandyjeno[.]hu to the malicious subfolder cra_ca_service hosted on oraclehomes[.]com:

Figure 3. A phishing website offering a tax refund from the CRA

The operators behind this campaign have done a fairly good job of creating a legitimate-looking page, but there are still some signs of the scam. For example, the footer of a legitimate page looks like this:

Figure 4. The footer of the legitimate canada.ca/en/services/taxes/income-tax/personal-income-tax.html

Furthermore, the menu items on the phishing page lead nowhere:

Figure 5. The menu links on the phishing page lead nowhere

Clicking on “Jobs” simply populates the URL with the value of the id attribute of the HTML element for “Jobs”.

Next, if you click on the “Proceed” button on the opening page, the next page asks for your personal information, including your social insurance number, date of birth, and mother’s maiden name – indeed, everything a phisher would need for identity theft:

Figure 6. The first phishing form asks for personal information – enough for identity theft

If you then click on the “Continue” button, the next page asks for your credit card information:

Figure 7. The second phishing form asks for credit card information

The final page falsely confirms that your refund will be deposited to your credit card account within 5-10 business days:

Figure 8. The confirmation page of the phishing site

Finally, you are redirected to a legitimate CRA webpage:

Figure 9. The legitimate “Personal income tax” page of the CRA website

The same redirection happens if you attempt to navigate directly to the cra_ca_service subdirectory of the site.

ESET blocks these threats as a phishing attempt:

Figure 10. ESET blocks the malicious istvandyjeno[.]hu domain

Figure 11. ESET blocks the malicious oraclehomes[.]com/cra_ca_service site

UPDATE:

On August 12, 2022, I received another phishing email posing as the CRA:

Figure 12. Another phishing email offering a refund from the CRA

Curiously, the apparent sender this time is marcamand@skynet.be, which uses the same email service as the previous sender guidovedebe@skynet.be.

Clicking on any of the links in this email redirects from a malicious link hosted on szobafestes-azonnal[.]eu to the malicious subfolder cra_ca_service hosted on uudamspa[.]vn:

Figure 13. The same phishing forms are used as in the previous campaign

The phishing forms in this attack look exactly the same as in the previous campaign. Is this the same attacker? Maybe. In any case, ESET blocks this threat too:

Figure 14. ESET blocks the malicious szobafestes-azonnal[.]eu domain

Figure 15. ESET blocks the malicious uudamspa[.]vn domain

Interestingly, the home page of szobafestes-azonnal[.]eu advertises a hacker group called 1877 Team:

Figure 16. The domain szobafestes-azonnal[.]eu leads to a landing page for the 1877 Team hacker group

Phishing in perspective

According to the ESET Threat Report T1 2022, approximately a third of the phishing URLs detected in the first four months of 2022 impersonated financial organizations. But there are other popular contenders for phishing lures, such as fake Facebook and WhatsApp login pages and websites masquerading as email services and gaming platforms:

Figure 17. Top 10 phishing website categories in the first four months of 2022 by number of unique URLs (source: ESET telemetry)

Although, in this case, the malicious operators targeted the credit card and personal information of Canadians, phishing can encompass a variety of goals like ransomware downloads, banking trojans, cryptojacking malware, and botnet deployments. Therefore, keep in mind the following advice to spot and steer clear of this threat:

  • Consider whether the purported sender normally communicates via email in this way.
  • Rather than clicking on links in an email, it is better to navigate manually to the official website of the apparent sender.
  • Check for obvious mistakes in the email. For example, why would the Canada Revenue Agency send you email from guidovedebe@skynet.be?
  • Always be wary of sharing your personal and financial information with any webpage.
  • Familiarize yourself with the CRA scam alerts page, especially with the samples of fraudulent emails impersonating the CRA.
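
The first three checks in the list above can be automated at a mail gateway or in a triage script. The following Python sketch is an added example, not code from the original article or from ESET: it flags messages that claim to come from the CRA but arrive from an unrelated sender domain, contain any link at all, or link outside the official site. The official-domain list, the brand pattern, and the sample message (apart from the sender address quoted in the article) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains treated as official for the impersonated agency.
OFFICIAL_DOMAINS = ("canada.ca", "gc.ca")
BRAND_RE = re.compile(r"\b(canada revenue agency|cra)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample; only the sender address is taken from the article.
SAMPLE = """\
From: "Canada Revenue Agency" <guidovedebe@skynet.be>
Subject: Your refund is ready
Content-Type: text/html; charset="utf-8"

<p>You are eligible for a refund.</p>
<a href="http://redirector.example/r">Interac e-Transfer Autodeposit</a>
"""

def is_official(host):
    # Exact match or true subdomain; "canada.ca.evil.example" must fail.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def body_text(msg):
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def triage(raw_message):
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    body = body_text(msg)
    if not BRAND_RE.search(" ".join([display, msg.get("Subject", ""), body])):
        return []  # message does not claim to be from the CRA
    findings = []
    sender_domain = addr.rpartition("@")[2]
    if not is_official(sender_domain):
        findings.append(f"sender-domain-mismatch:{sender_domain}")
    hosts = sorted({urlsplit(u).hostname or "" for u in URL_RE.findall(body)})
    if hosts:
        findings.append("contains-links")  # official notices carry no links
    return findings + [f"off-site-link:{h}" for h in hosts if not is_official(h)]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty result is a reason to quarantine or warn, not proof of phishing; the sender check only inspects the From: header, so it complements rather than replaces SPF, DKIM and DMARC evaluation.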


