A Canada Revenue Agency #Scam Has Returned… Let Me Tell You About It

Canada Revenue Agency scams are very popular with threat actors as they are likely to ensnare people who receive some sort of government assistance via the Canada Revenue Agency. And this scam is no different as it has returned from the grave apparently. Let’s start with the email that you get from the threat actors:

So the email claims that you’re going to get $235.00. Or as the threat actors who clearly don’t have the attention to detail say, 235.00$. Then there are also sentences like “Please click to The link below to receive your money”. Poor grammar like this is the hallmark of scams.

But what got my attention is the link that they refer to. It says http://www.interac.ca. But it isn’t when you inspect it closely.

You can see that they’ve embedded another web page address. This is meant to fool you into clicking the link as you will think that this is a legitimate web page. By the way, you should never ever click links like this. But I’m going to so that I can see the scam in action.

The link in the email forwards you to another link which takes you to this website where you’re supposed to pick the financial institution that you deal with. Thus the scam is trying to grab your banking details so that the threat actors can drain your bank account. And what’s interesting is this:

On top of being able to just pick your financial institution above, you can make a choice below. That implies that the threat actors put some time and effort into this. Though as I will show you, it starts to fall apart a bit here:

When I pick CIBC, I am presented with this. Which isn’t even close to what the actual CIBC website looks like. And if you look at the address bar, it clearly isn’t the CIBC website. But one clever thing that the threat actors did is this:

They fake a two-factor authentication setup to make you believe that this is the legitimate website. Which it is not of course. And at this point the threat actors are using the login information that has been provided to drain the bank account that is connected to it dry. And the thing is, this isn’t the first time I’ve seen this scam. I covered this just a few weeks ago. Thus the same threat actors have returned which means that my advice is the same. If you get an email like this, delete it and move on with your life.
