Beware: Fake Traffic Ticket Portals Targeting Canadians’ Personal and Financial Data
A sophisticated phishing campaign has recently emerged, targeting Canadian citizens through counterfeit traffic ticket payment portals designed to steal personal and financial information. Cybercriminals employ search engine optimization (SEO) poisoning techniques to manipulate search results, making their fraudulent websites appear legitimate when individuals search for provincial traffic ticket payment options. These deceptive portals convincingly mimic official government websites from provinces such as British Columbia, Ontario, and Quebec, tricking unsuspecting victims into divulging sensitive data.
The Deceptive Tactics Unveiled
The scam typically begins when individuals receive text messages or encounter malicious advertisements claiming they have unpaid traffic fines. These messages contain shortened URLs or typosquatted domains that redirect victims to counterfeit payment portals. The fake websites are meticulously crafted to resemble legitimate government platforms, complete with provincial logos and official-looking designs that build trust and credibility.
Unit 42 researchers have identified this campaign as part of an extensive fraud network operating across multiple domains. The attackers utilize a specialized phishing kit that includes a deceptive waiting room feature, creating the illusion of processing legitimate ticket searches. Over seventy malicious domains were discovered resolving to a single IP address, all designed to harvest personally identifiable information (PII) and payment card details from unsuspecting victims.
Phishing Kit Infrastructure and Attack Mechanics
The attackers deploy a multi-stage phishing infrastructure hosted on specific subnet ranges, particularly the 45.156.87.0/24 network block. This operation involves creating numerous domains following naming patterns that include terms like ticket, traffic, portal, and violation, suggesting automated domain generation capabilities. The phishing kit first presents victims with a validation phase where they enter ticket numbers or booking identifiers that accept any input, establishing false legitimacy before transitioning to fraudulent payment gateways.
Once victims proceed to the payment section, the fake portal collects comprehensive personal details, including full names, addresses, email addresses, phone numbers, and birthdates. The final stage requests complete credit card information, including card numbers, expiration dates, and CVV security codes. Unlike legitimate payment processors that redirect to secure banking gateways, these fraudulent sites directly capture all information, allowing attackers immediate access to financial credentials for unauthorized transactions.
Protecting Yourself Against Such Scams
To safeguard against such deceptive schemes, consider the following measures:
1. Verify Traffic Ticket Legitimacy: Always confirm the authenticity of traffic tickets through official government websites by typing URLs directly into your browser rather than clicking on links provided in unsolicited messages.
2. Monitor Financial Statements: Regularly review your credit card and bank statements for any unauthorized transactions.
3. Enable Transaction Alerts: Set up alerts for your credit card transactions to receive immediate notifications of any activity.
4. Be Cautious with Unsolicited Communications: Exercise caution when receiving unexpected text messages or emails claiming you have unpaid fines, especially if they contain links or request personal information.
5. Use DNS Filtering: Organizations should implement DNS filtering against known malicious domains to prevent access to fraudulent sites.
By staying vigilant and adopting these protective measures, individuals can reduce the risk of falling victim to such sophisticated phishing campaigns.
