Scam­mers busy phish­ing with gov't look-alikes

Be­ware of fake emails seek­ing fed regis­tra­tion

Ottawa Citizen - - Canada - CHRISTO­PHER NARDI

OT­TAWA • The fed­eral gov­ern­ment is warn­ing of a new COVID-19 scam af­ter fraud­sters mas­querad­ing as the gov­ern­ment's pro­cure­ment depart­ment re­cently sent out two waves of phish­ing emails try­ing to steal work­ers' pri­vate in­for­ma­tion.

The scam in­volves un­so­licited emails pur­port­edly from the fed­eral gov­ern­ment ask­ing the re­cip­i­ent to reg­is­ter to qual­ify for an uniden­ti­fied “pro­ject.”

In early Septem­ber, and then again last week, Pub­lic Ser­vices and Pro­cure­ment Canada posted ad­vi­sories on its pub­lic ten­der web­site, Buyand­, about fraud­u­lent emails be­ing sent out to Cana­dian busi­nesses. The first re­ported case orig­i­nated in Que­bec, says the Cana­dian Anti-Fraud Cen­tre.

Though the emails look like Pro­cure­ment Canada's Of­fice of Small and Medium

En­treprises sent them, they are in fact part of a phish­ing scam aimed at steal­ing your or your com­pany's pri­vate data and pos­si­bly lead you to a ma­li­cious web­site, warns the Anti-fraud Cen­tre.

Ac­cord­ing to ex­am­ples of the emails pro­vided by Pro­cure­ment Canada, the fraud­u­lent mes­sage in­vites the re­cip­i­ent to bid on an un­named (and fake) pro­ject. But to do so, they must “reg­is­ter” by click­ing on a big red or blue but­ton.

The email is sent from an ad­dress mas­querad­ing as the depart­ment's of­fi­cial of­fice (@pwgsc-tpsgc). But con­trary to Pro­cure­ment Canada's real email ad­dresses, it does not end in “”, but with “.org”. That's a tell­tale sign that the email is not from a gov­ern­ment source.

“If you re­ceive this email claim­ing to be from PSPC that asks you to click on a click­able but­ton, it's a scam!” reads the Septem­ber ad­vi­sory.

If they clicked on the fake regis­tra­tion but­ton, users are sent to a web­site de­signed to im­i­tate the gov­ern­ment's real pub­lic ten­der por­tal.

“The email be­ing dis­trib­uted pro­vides a but­ton that takes users to a page that is not au­then­tic. The page im­i­tates the le­git­i­mate Buyand­ main site and dis­plays a fake regis­tra­tion but­ton (a but­ton that doesn't ex­ist on the real site). It is a phish­ing at­tempt at col­lect­ing per­sonal in­for­ma­tion from users who click on the but­ton,” ex­plains Marc-An­dré Char­bon­neau, a Pro­cure­ment Canada spokesman.

The real web­site will never re­tain any per­sonal cre­den­tials, he added, and po­ten­tial sup­pli­ers “never reg­is­ter un­der any cir­cum­stances to view in­for­ma­tion pub­lished on Buyand­”

Char­bon­neau said this is the first time the depart­ment is aware of a scam in­volv­ing the gov­ern­ment's pub­lic ten­der­ing web­site.

But it's far from the first phish­ing scam to ap­pear since the be­gin­ning of the COVID-19 pan­demic.

Al­ready by the end of March, both the Anti-fraud Cen­tre and the Cana­dian Cen­tre for Cy­ber Se­cu­rity were warn­ing Cana­di­ans t hat a plethora of new COVID-19 fraud cam­paigns were tar­get­ing Canada.

For ex­am­ple, text mes­sages falsely pu­ing to be from the Red Cross of­fered peo­ple free masks or per­sonal pro­tec­tive equip­ment in ex­change for their pri­vate in­for­ma­tion, or un­so­licited calls from fake gov­ern­ment of­fi­cials claimed the vic­tim had COVID-19 and needed to pro­vide in­for­ma­tion in or­der to re­ceive fi­nan­cial ben­e­fits.

In May, the Cen­tre for Cy­ber-se­cu­rity is­sued a re­port warn­ing that it had iden­ti­fied over 1,500 web­sites falsely parad­ing as Gov­ern­ment of Canada COVID-19 pages that are in fact de­signed to scam Cana­di­ans.

The re­port also said that there had clearly been cy­ber at­tacks com­ing from state-spon­sored threat ac­tors.

These aren't your run-ofthe-mill scam­mers at­tempt­ing to trick any­one they can, but rather trained pro­fes­sion­als tar­get­ing spe­cific com­pa­nies, gov­ern­ment agen­cies or re­search cen­tres.

Specif­i­cally, Canada's dig­i­tal spy agency noted in July that Rus­sian in­tel­li­gence ser­vices were be­hind re­cent cy­ber at­tacks at­tempt­ing to steal in­for­ma­tion and in­tel­lec­tual prop­erty from Cana­dian re­search labs work­ing on po­ten­tial COVID-19 vac­cines.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.