Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017. The infrastructure behind these Canadian focused attacks includes hundreds of phishing websites designed to mimic major Canadian banks’ websites as part of an effort to steal user credentials from the financial institutions’ clients. Attackers use custom-crafted and legitimate-looking email messages with malicious PDF attachments. The attachments are also designed to look like official communications from the potential victim’ banks, including bank logos and flawless grammar.
Source: https://www.bleepingcomputer.com/news/security/two-year-long-phishing-campaign-impersonates-canadian-banks/