Canadian banks are victims of a large phishing campaign

[Driz]

Fourteen Canadian banks, including CIBC, TD Canada Trust, Scotiabank and the Royal Bank of Canada (RBC), were the victims of a large-scale phishing campaign that lasted two years.
The attack began with the sending of plausible emails with an attachment in PDF format using the official bank logo and authorization code. Victims were tricked into renewing their digital certificate as quickly as possible so that they could continue to access online banking. By clicking on any of the URLs, the victims ended up on a phishing page asking them to enter their bank credentials.
As researchers at Check Point noted in their report, in the case of RBC, attackers simply took a screenshot of the official site and added invisible text fields on top of the input fields to collect the victim’s credentials.
According to experts, there were several options for PDF attachments, with slight differences between them. However, some of the text instructions contained in them were repeated, used unique phrases and appeared in more than one document.
The phishing web site mentioned in the PDF attachments was associated with a Ukrainian IP address for several domains simulating bank pages.