First Questrade, Then Wealthsimple And TD, And Now The Threat Actors Behind This Large Scale Phishing Campaign Are Now Going After National Bank Customers
I have been tracking a threat actor who has used first Questrade and then Wealthsimple along with TD customers. But last night, I found evidence that the threat actor behind this campaign has shifted tactics to go after National Bank customers as evidenced by this:
Unlike the email that the sent masquerading as TD, this email is well done. But if you compare it to the other e-mails that have been used in this phishing campaign, it uses the same text claiming that you need to fill out a tax form with very similar text. So it’s the same threat actors.
And the website that they send you to is very high quality as well:
The only thing that gives it away as a phishing site is this:
The real domain for National Bank is https://www.nbc.ca. Highlighting the fact that you need to double and triple check where you are surfing to before you enter any information.
Clearly these threat actors are not stopping their activities. That absolutely means that they must be getting paid via stealing money from people who fall for this. Even if it is 2% of people that get scammed, it illustrates that a scam doesn’t have to be successful in volume to be successful.
This entry was posted on November 5, 2025 at 8:45 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
First Questrade, Then Wealthsimple And TD, And Now The Threat Actors Behind This Large Scale Phishing Campaign Are Now Going After National Bank Customers
I have been tracking a threat actor who has used first Questrade and then Wealthsimple along with TD customers. But last night, I found evidence that the threat actor behind this campaign has shifted tactics to go after National Bank customers as evidenced by this:
Unlike the email that the sent masquerading as TD, this email is well done. But if you compare it to the other e-mails that have been used in this phishing campaign, it uses the same text claiming that you need to fill out a tax form with very similar text. So it’s the same threat actors.
And the website that they send you to is very high quality as well:
The only thing that gives it away as a phishing site is this:
The real domain for National Bank is https://www.nbc.ca. Highlighting the fact that you need to double and triple check where you are surfing to before you enter any information.
Clearly these threat actors are not stopping their activities. That absolutely means that they must be getting paid via stealing money from people who fall for this. Even if it is 2% of people that get scammed, it illustrates that a scam doesn’t have to be successful in volume to be successful.
Share this:
Like this:
Related
This entry was posted on November 5, 2025 at 8:45 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.