Spam Campaign Hopes to Lure Royal Bank of Canada Customers

A new phishing campaign targets mostly California-based clients of Royal Bank of Canada. Its email comes with an HTML file attachment (detected as HTML_PHISH.TICOGEJ) with highly obfuscated Javascript in an attempt to make discovering its malicious URL more difficult. Like any other phishing campaign, this email is disguised to look like a legitimate request, but the email contains questionable elements such as the sender’s email address and the random file name of the attachment. The subject of the email also rings alarm bells with the random text at the end, although not all emails from this campaign share this characteristic. An example of the email can be seen below.

Email Phishing Royal Bank of Canada

Clicking the HTML file opens the first layer redirect page on the user’s browser, landing eventually on the phishing site where threat actors behind this will be able to steal entered information. An image of the phishing page can be seen below.

Royal Bank of Canada Phishing Campaign target

We’ve detected more than 13,000 phishing emails related to this attack from July 22 and August 8, which is a sign that this is an ongoing campaign. Our detection data also indicates around three campaigns using this method may have been launched from the end of July to the present.

Campaigns like this show that while phishing is an old, well-known tactic, it's still a go-to method for cybercriminals. Reports from the past few months show how phishing continues to be used to target specific industries or spread malware. Users can avoid phishing attacks by being aware of its indicators and vigilant when online, especially when dealing with sensitive or financial information.

To help defend against these kinds of cyberattack Trend Micro™ InterScan™ Messaging Security stops email threats with global threat intelligence, protects your data with data loss prevention and encryption, and identifies targeted email attacks, ransomware, and APTs as part of the Trend Micro Network Defense Solution. Its enhanced web reputation blocks emails with malicious URLs in the message body or in attachments, and it is powered by the Trend Micro™ Smart Protection Network™.

Additional insights by Loseway Lu and Marshall Chen

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.