logo

A Fake Scotiabank Voicemail Was Actually an HTML File Asking You to Call an Attacker

ID: 5bd09c9f-3d66-500c-a0a0-8d5e0918f4ee

STIX ID: report--5bd09c9f-3d66-500c-a0a0-8d5e0918f4ee

Feed Name: IRONSCALES

Threat Score
70/100

Date Published: 2026-06-22

Date Updated: 2026-06-22

Author: [email protected] (Audian Paxson)

...
...

An attacker leveraged a compromised decade-old GoDaddy-hosted small-business email account to send a Scotiabank-branded fraud alert to a CFO, including an HTML attachment disguised as an MP3 voicemail and a US toll-free number as the sole call-to-action; SPF and DMARC passed so the message appeared legitimate, no malicious links or payloads were present, and the campaign's objective was to trick the recipient into calling an attacker-controlled phone line to stop a purported $3,000 Interac e-Transfer.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.