Canadian Securities Administrators Warns of Spear Phishing Threat Involving Email Impersonation

The Canadian Securities Administrators (CSA) has issued a public warning after detecting malicious emails impersonating the regulator. The fraudulent emails, which use publicly available information to target recipients, are believed to be part of “spear phishing” attempts aimed at stealing personal or confidential business data.

The phishing emails claim to originate from the CSA but are actually sent from the domain @securities-administrators.ca.cazepost.com, which is not associated with the CSA or any of its member organizations. Authorities stress that any communication from this domain should be treated with extreme caution.

Recommended Actions

• Do not click links or provide information in suspicious emails.
• Delete the email immediately and report it to your local securities regulator.
• Verify authenticity by checking whether the sender’s address is consistent, verifiable, and linked to someone you know at the CSA or its member organizations.
• Ask yourself: Were you expecting this email? If not, treat it as suspicious.

Recipients who may have clicked on links or opened attachments are urged to change their passwords immediately and notify their security department

Know more impersonation scams:

• Central Bank of the Philippines Warns of Impersonation Scams Inducing Fake Financial Transactions
• Coinbase Support Impersonation Scam Linked to Over $2 Million in Crypto Losses
• FSCA Warns of Surge in Investment Scams and Impersonation in South Africa