Pivoting From PayTool: Tracking Various Frauds and E-Crime Targeting Canada
released on 2026-01-27 @ 01:03:19 PM
This investigation exposes a complex fraud ecosystem that targets Canadians by impersonating government services and trusted brands. Attackers run convincing campaigns that exploit digital dependencies for transportation, taxation, parcel delivery, and travel. The activity is linked to the 'PayTool' phishing framework, which specializes in traffic violation scams. Additional infrastructure impersonates the Canada Revenue Agency, Air Canada, and Canada Post. Threat actors commercialize these campaigns on underground forums, selling phishing kits that mimic official services. The lures reach victims via SMS and malicious ads and rely on high-pressure tactics. The infrastructure uses fake validation phases and fraudulent payment gateways to harvest personal and financial data. The campaign spans multiple provinces and relies on shared hosting and domain generation patterns for scalability.