Let's go phishing, eh?

The latest in a long line of phishing attacks made to look like government communication comes to us courtesy of a fake "Canadian Revenue Agency". The original email is in French, explaining that the recipient is eligible for a tax reimbursement of "189.82", and directing them to a web page to enter personal information to claim the refund. The links in the emails redirect to landing pages hosted in many places, which appear to be sitting on compromised web servers.
The landing pages themselves all attempt to look like real Canadian government web pages, including versions of the page in both French and English (see below). Many of the links on the landing pages lead to real Canadian government pages, including "Contact Us" and "Help", but the "English" and "French" buttons, as well as the script that submits the form, lead back to the compromised, phishy servers. The form itself is quite simple, asking for a name, "Social Insurance" number, date of birth, and "Refund Amount".

[Figure: Canadian Revenue Agency Phishing Site (French)]

[Figure: Canadian Revenue Agency Phishing Site (English)]

You can protect yourself from scams of this type by paying close attention to the emails you receive and the links on which you click. It's likely, because of the way this email was encoded, that accented characters are appearing as blank squares or black diamonds with question marks - a legitimate email is more likely to have properly encoded characters. Additionally, hovering your mouse over the link in the "call to action" should (in most mail programs and web browsers) show you the target of the link. If the target differs from what you would expect, take great care in clicking on it.

If you're being asked for personal information, it might be time for an 'out of band' contact - call a known phone number, or use a trusted search engine to find a contact number to make sure you should give out that information.
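The "hover and compare" check above can also be run over a saved copy of a page. The following is an added example, not code from the original post: it lists every link and form target that leaves the domain you expect. The domains, file names and sample HTML are constructed placeholders, and `EXPECTED_SUFFIXES` is an assumption you would set to the real agency's domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption (constructed): domain the reader expects for the real agency.
EXPECTED_SUFFIXES = ("agency.example",)

class LinkAudit(HTMLParser):
    """Collect every link target and form action on a page."""
    def __init__(self):
        super().__init__()
        self.targets = []  # (tag, url) pairs

    def handle_starttag(self, tag, attrs):
        key = {"a": "href", "form": "action"}.get(tag)
        url = dict(attrs).get(key) if key else None
        if url:
            self.targets.append((tag, url))

def is_expected(host):
    # Match the domain itself or a true subdomain, not a lookalike prefix/suffix.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)

def audit(html, page_url):
    """Return (tag, host) for each target that leaves the expected domain."""
    parser = LinkAudit()
    parser.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for tag, url in parser.targets:
        # A relative URL resolves to whatever host served the page.
        host = urlparse(url).hostname or page_host
        if not is_expected(host):
            findings.append((tag, host))
    return findings

# Constructed sample modelled on the landing page described above.
SAMPLE_URL = "http://compromised-host.example/refund/index.html"
SAMPLE_PAGE = """
<a href="https://www.agency.example/contact">Contact Us</a>
<a href="https://www.agency.example/help">Help</a>
<a href="index_fr.html">French</a>
<form action="submit.php" method="post"><input name="sin"></form>
"""

if __name__ == "__main__":
    for tag, host in audit(SAMPLE_PAGE, SAMPLE_URL):
        print(f"<{tag}> target is on unexpected host: {host}")
```

On the sample, the "Contact Us" and "Help" links pass, while the language button and the form action are reported, which is the same split described for the phishing pages.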