Pivoting From PayTool: Tracking Various Frauds and E-Crime Targeting Canada
ID: 1e192707-d2c8-54ed-a78f-ce7f551101a3
STIX ID: report--1e192707-d2c8-54ed-a78f-ce7f551101a3
Feed Name: CloudSEK Blog
**Executive Summary:** CloudSEK uncovered multiple interconnected phishing campaigns targeting Canadians, primarily the PayTool ecosystem. The campaigns use SMS, typosquatting, SEO poisoning, and fake validation/payment pages to impersonate traffic-ticket portals, CRA, Canada Post, and Air Canada. The report enumerates dozens of malicious domains and IPs, profiles an actor ('theghostorder01') selling phishing kits on underground forums, assesses mass PII/financial risk, and recommends domain monitoring, DNS/web gateway blocks, public awareness, and threat-intel-driven detections.
