In almost every way, the malicious Web page is indistinguishable from the bank account login screen on TD's own site – complete with corporate logos and a password entry field. Except the site has nothing to do with the Canadian bank. Instead, a user who tries to log in will have unwittingly handed over their banking info to cyber criminals.
The fake TD login page, which turned out to have been uploaded to an unsuspecting Quebec webmaster's site and e-mailed to countless Canadian Internet users as recently as last week, is one example of many malicious websites whose creators have found a haven on Canadian servers.
The number of such phishing sites in Canada grew 170 per cent in the past year, making it the second most popular phishing-site host country in the world behind the U.S., according to a new study by Internet security firm Websense.
The total number of malicious websites in Canada also soared 239 per cent, the study found. The growth spurt is partially due to a global boom in cybercrime, but also because Canadian domain names – those ending in the .ca suffix – are rarely blocked or filtered around the world, and are more appealing to criminals.
“Our infrastructure is great, our bandwidth is good, and .ca domains tend to have a good reputation,” Websense's Canadian manager Fiaaz Walji said.
Mr. Walji pointed to several examples of phishing attacks his team has come across in recent weeks, such as the fake TD site. In another case, an e-mail made to look as though it came from Canada Post informed the recipient a package was waiting for them, and urged them to download a shipping receipt file that turned out to be infected with a virus.
In addition to such attacks, criminals have increasingly deployed so-called “spear phishing,” or highly targeted scam e-mails. Rather than sending out generic e-mails to millions of users in the hope that a small percentage of them might fall for the con, spear phishing attacks tend to focus on just one user, who is usually a company executive. Such e-mails often contain detailed pieces of personal information about the recipient and their workplace, usually drawn from social networks such as LinkedIn. The goal is to convince the recipient that the e-mail is from a trusted source.
Fighting such malicious activity is difficult, in part because there is so much of it but also because users who don't fall for the attacks tend to simply shrug them off, deleting the e-mails rather than reporting them to the organizations and companies being impersonated.
“The bottom line is that there's lots of bad guys and they're getting more and more sophisticated,” said Byron Holland, president and chief executive officer of the Canadian Internet Registration Authority, which is responsible for the .ca domain suffix. “It's a constant cat-and-mouse game to outwit and outlast the bad guys.”
There are almost two million registered .ca domain names. Compared to many other parts of the world, Canadian domain names employ a more rigorous authentication process, including requirements that someone registering a .ca domain have a physical Canadian presence. CIRA staff also scour registration data looking for warning signs, such as nonsensical address information.
This summer, .ca domains will also begin to sign on to a new global security standard designed to authenticate both parties involved in any Web transaction – a technology aimed at reducing attacks like the fake TD webpage.