Why a seemingly insignificant financial merger triggered huge wave of Canadian phishing attacks

In February two Canadian bank-owned co-operatives, Interac Association – which runs the inter-bank debit card network – and Acxsys Corp. – which among other things runs Interac’s e-transfer and Online service – announced they were merging to form Interac Corp.

Missed that breathtaking news, did you? Well, cyber criminals didn’t.

According to security vendor RSA, a gang or gangs used that information to launch a wave of phishing attacks against residents here, hoping to sucker them into giving up their usernames and passwords by pretending to from Interac or the Canada Revenue Agency and asking for confirmation of transactions.

What’s so interesting about Interac? As the operator of Canada’s inter-bank debit card network anyone who gets hold of a bank customers debit card credentials can immediately drain the account. Cash. No stolen credit card numbers to peddle.

“There was confusion about what it meant (for customers),” Grant said, and criminals took advantage of it.

The attack campaigns have been going on for months. In fact, RSA’s latest Quarterly Fraud Report, released this week, says during the third quarter 52 per cent of the 19,000 phishing emails and texts around the world detected by RSA equipment on customer networks were targeted at Canada. Number two was the United States, with a mere nine per cent of the volume.

Not all of them were Interac-related, Angel Grant, director of RSA’s identity and fraud risk intelligence products said in an interview Thursday, but it was the largest category — and it has been since February. She couldn’t say how many people here fell for the Interac-related scams, but admitted the fact that it has been going on so long is a sign they’ve been successful.

Grant did say it’s typical of how cyber criminals work: Basing phishing attack campaigns around an event. Similar to the Interac announcement, RSA also saw a similar increase in phishing in Spain after several major banks there launched instant transfer services, Grant said.

Most infosec pros would be more familiar with news reports of online scams that emerged during this year’s World Cup competition in Russia.

“Any time there’s an event or a disruptive change in a market cyber criminals tend to take advantage of that confusion or excitement or sense of emergency,” Grant said. “In this case we saw the re-rollout of Interac at the beginning of the year where they combined with Acxsys (Corp.) into one organization, which offered new and different electronic transfer services.

“Many of the phishing emails people would receive would ask them to transfer funds, or pretend to come from the Canada Revenue Agency and ask them to verify their account information so they can get their disbursements of payments” relating to the Interac change, she said.

Not only was there a spike in phishing email, Grant said, but also in text messages asking people to verify their personal information so they could have disbursements transferred, or pretending to be someone trying to transfer fund to their account and wanting to verify account information.

Like most phishing campaigns, Grant said, criminals will spin off an associated campaign if the first one is successful. In this case, following the initial phony messages purporting to be from Interac, a campaign of messages purporting to be from Canada Revenue went out relating to the use of Interac for paying income taxes.

To read the full RSA Q3 report click here. Registration required

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now