Exploit: Phishing scam
TD Canada Trust: Personal & small business banking institution
Risk to Small Business: 2.444 = Severe: Security researchers have unearthed a two-year phishing campaign impacting Canadian banks, including TD Canada Trust. The phishing campaigns began with legitimate-looking emails containing PDFs that included official bank logos and an authorization code. Victims are instructed to renew their digital certificate to maintain their online bank accounts. When they click on a provided link, they are directed to a page that asks for their banking credentials. Hackers registered numerous domains similar to the banks’, making their efforts even more convincing.
Individual Risk: 2.571 = Moderate: Phishing scams are only effective if users provide their personal details, but anyone that offered this information should be aware that it is now in the hands of cybercriminals. Those impacted by the breach should immediately notify their financial institutions of the episode. Moreover, they should carefully monitor their accounts for suspicious or unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This phishing scam underscores the capabilities of today’s cybercriminals who can quickly and easily create authentic-looking email campaigns, websites, and even documents. Since these scams are the leading cause of a data breach, every organization should take measures to prepare their employees and customers for the reality of today’s digital environment. In doing so, they can help ensure that phishing scams can’t compromise company or customer data.
Source: https://www.infosecurity-magazine.com/news/canadian-banks-spoofed-in-2year/
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.