A Large Scale Questrade Phishing Campaign Is Making The Rounds

A threat actor is running a large-scale phishing campaign targeting Questrade customers. The campaign starts with this email:

Now this all looks and sounds official. But it isn’t. When you look at the “Renew Your Form W-8BEN” link, you’ll note this:

While the link has Questrade in it, it clearly isn’t Questrade, because it doesn’t go to a site that Questrade controls. Instead, it goes to a website that the threat actor controls. Now rather than going down the rabbit hole of what the goal of this campaign is, I let VirusTotal do it for me:

This appears to be a phishing campaign aimed at stealing your Questrade credentials. Not good. That is confirmed by going to the URL itself, which, by the way, you should never ever do:

This is an excellent replication of the real Questrade website as evidenced here:

It even has the text “Tip: Always double check the URL of log-in pages to keep your account secure” in it. If you follow that advice, you can recognize this as a phishing attempt.

I have seen a few dozen of these emails hit my honeypot recently. So this is a large-scale phishing campaign, likely being run by someone who is sending emails out by the thousands, hoping to catch 1% of the recipients out and score a big payday as a result. That’s because scams don’t have to be successful in volume to be successful.

But we’re not done yet. There’s a second Questrade phishing email making the rounds:

The lure is different, as it tries to get you to fall for the scam by getting you to set up two-factor authentication. But the net result is the same. It is trying to send you to a replication of the Questrade website that will steal your Questrade credentials, and your money along with them.

For the record, if you can use two-factor or multi-factor authentication for your accounts, it will make them far more secure. Questrade has instructions to set that up here.

Here’s the bottom line. If you get one of these emails, delete it and move on with your life, because it is clearly a scam. And a large-scale one at that.

5 Responses to “A Large Scale Questrade Phishing Campaign Is Making The Rounds”

  1. […] posting this story about an ongoing large scale Questrade phishing campaign, I checked my honeypot and discovered […]

  2. […] have been tracking a threat actor who has used first Questrade and then Wealthsimple as part of a large scale phishing campaign that is being carried out via […]

  3. […] have been tracking a threat actor who has used first Questrade and then Wealthsimple along with TD customers. But last night, I found evidence that the threat […]

  4. […] a lot of action over the last week. I say that because it has led me to a threat actor who has used Questrade and then Wealthsimple along with TD and finally the National Bank to try and phish credentials […]

  5. […] been tracking a group of threat actors who started using Questrade and then Wealthsimple along with TD and finally the National Bank on two occasions to try […]
