OTTAWA -- Canada’s top cybersecurity agency has initiated the takedown of more than 1,000 “malicious imitation” websites attempting to scam or misinform people about the government’s COVID-19 financial aid programs. It has also observed phishing attempts preying on people’s anxiety around the pandemic—some by state-sponsored actors— masquerading as messages from public health officials.

A new report from the Communications Security Establishment (CSE)— one of Canada’s central intelligence agencies—found that in the last two months cybercriminals have set up fake Government of Canada websites, the majority of which were pretending to be the Canada Revenue Agency or related to the Canada Emergency Response Benefit (CERB).

Through these webpages—described as “convincing copies” of official sites— the cyber actors attempt to trick people into divulging personal financial information they thought was going to the federal government. CSE said that is has made moves to have these sites taken down.

These sites are just some of the more than 120,000 newly registered COVID-19-themed domains that the agency is aware of in the last month. Further, cyber actors are also using phishing schemes—asking people to click links that download malicious and information-stealing software.

In the report released on May 26, the agency said most of the phishing attempts they have pinpointed deliver malware “associated with either state-sponsored groups or well-known cybercriminals.”

“Canadian public health responses and initiatives are being repurposed by state-sponsored cyber threat actors and cybercriminals as COVID-19 lures for the purpose of targeting Canadians and Canadian organizations,” the report found.

One such example happened on March 10, when phishing emails impersonating the Public Health Agency of Canada’s Chief Public Health Officer Dr. Theresa Tam were used to embed malware from an attachment, cloaked as an “important COVID-19 update.”

Other examples have been emails advertising medical supplies, or to elicit donations.

“Cyber threat actors know that affected populations are anxious about the future and less likely to act prudently when presented with emails, SMS messages, or advertisements involving COVID-19 that would otherwise seem suspicious,” said the agency.

It is anticipating that these kinds of cyber-attacks and impersonations will continue as long as COVID-19 remains a key public health concern.

“Cybercriminals appear to be becoming more adept at targeting severely affected regions and municipalities with COVID-19 lures as well. As social distancing efforts begin to “plank the curve” and the wider public grows increasingly anxious for a return to normalcy, we expect that cybercriminals will likely begin crafting phishing lures which play on an increased appetite for information around COVID-19 vaccine development and production,” reads the report.


These findings come just weeks after CSE issued a joint statement with the Canadian Security Intelligence Service (CSIS) warning that the research being conducted by health authorities across the country into COVID-19 faces an “elevated level of risk” for foreign-backed hacking or other malicious activity. 

Now, CSE says it has already seen two attempts to infiltrate Canadian research into COVID-19. Both taking place in April, the agency said that in one instance a provincial health agency and individuals associated with a Canadian university engaged in research into the novel coronavirus were the targets of a phishing attack.

As well, a Canadian biopharmaceutical company was compromised by a foreign cyber threat actor “almost certainly attempting to steal its intellectual property.”

Further, CSE noted that while physical distancing and travel restrictions may be limiting “traditional espionage activities,” it is seeing an uptick in online operations.