One type of malware noted by Proofpoint was DanaBot, which has been used to send out Canada Post-themed lures.
David Masson, the Canada country manager for Darktrace – a cybersecurity firm – agrees that spoofing scams that hijack well-known brands are quite common internationally and Canada’s experience is similar. A database search done for The Canadian Press by the Canadian Anti-Fraud Centre suggests there’s been a rise in reports of suspected Canada Post-themed scams this year. It found 35 suspected frauds using Canada Post branding over 12 months ended May 1, including 26 in 2019.
“Every single one of us has our e-mail credentials tied up with all of these huge breaches that we hear about.” Once fraudsters have figured out a key person’s password, they can wreak havoc on a company by impersonating a supervisor and instructing a staff member to redirect the payroll or other payments to a different account.