«
»

Wealthsimple Customers Are Also Targets Of The Questrade Phishing Threat Actors

After posting this story about an ongoing large scale Questrade phishing campaign, I checked my honeypot and discovered that the same threat actors behind this campaign are also going after Wealthsimple customers. That’s evidenced by this phishing email:

Now this email is extremely similar to the one that was being used in the Questrade campaign. And walking through the phishing scam, I found the website that was created was of similar quality as the one behind the Questrade campaign. I say was because it has been taken down by its host which appears to be based in China. While that suggests that the threat actors are Chinese, it is possible that the threat actors are from someplace else and are using a Chinese web host for cover. The emails are very similar as well which seems to point to the fact that these are the same threat actors are behind both campaigns.

My honeypot has received these emails as recently as 4 hours ago. So this is clearly an ongoing campaign that will likely evolve. Thus keep your head on a swivel to ensure that you don’t fall victim to one of these campaigns.

This entry was posted on October 30, 2025 at 3:44 pm and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Wealthsimple Customers Are Also Targets Of The Questrade Phishing Threat Actors”

  1. The Threat Actors That I’ve Been Tracking Have Moved To Using TD For Their Phishing Campaign | The IT Nerd Says:
    November 14, 2025 at 9:37 am

    […] been tracking a group of threat actors who started using Questrade and then Wealthsimple along with TD and finally the National Bank on two occasions to try and […]

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading