Close-up of a high-tech computer screen displaying encrypted
Threat Intelligence Report

Email and SMS Phishing Database

Mossfield Lane provides a centralized repository of verified phishing signatures affecting Canadian financial consumers. This database is updated daily to reflect the evolving tactics of digital fraud syndicates operating within the Edmonton region and across the national banking infrastructure.

Database Methodology

Our classification system relies on three primary vectors of verification to ensure the accuracy of the threat intelligence provided to our clients.

01

Heuristic Scanning

We utilize automated scripts to parse incoming communication patterns, identifying anomalies in SMTP headers and SMS gateway origin points. This allows for rapid identification of bulk-distributed fraudulent campaigns.

Methodology Details
02

Link Deconstruction

Every URL within the database is sandboxed and analyzed for redirect chains and credential-harvesting scripts. We catalog the hosting providers and registrar data to map the infrastructure of the attackers.

Infrastructure Analysis
03

Cross-Verification

Data is cross-referenced with the Edmonton Fraud Watch and federal reports to ensure that our signatures align with the most recent tactical shifts in the Canadian cyber-landscape.

Historical Data

Anatomy of a Phishing Header

Technical analysis of email headers remains the most reliable method for identifying sophisticated spoofing attempts. Fraudsters frequently manipulate the "From" display name while masking the actual "Return-Path" address, which often originates from compromised servers or look-alike domains. In the context of Canadian banking, we have observed a 40% increase in the use of localized subdomains that mimic legitimate institutional portals.

When examining an SMS (Smishing) message, the "Sender ID" is often the first point of failure. Modern smishing kits use alphanumeric senders or short codes that bypass standard carrier filters. By analyzing the "Reply-To" path and the embedded link's TLD (Top-Level Domain), security professionals can determine the geographic origin of the threat, often pointing to high-risk zones outside of North American jurisdiction.

Furthermore, the use of URL shorteners (e.g., bit.ly, tinyurl) in SMS messages serves to hide the final destination of the victim. Our database tracks these shortened links back to their terminal landing pages, which typically feature high-fidelity clones of Canadian bank login screens. Protecting your assets requires a move beyond visual inspection toward a protocol-based verification mindset, as detailed in our Hardware Security guide.

Active Threat Signatures

Last Updated:

STATUS: HIGH ALERT
Vector Common Subject/Label Target Institution Risk Level
SMS "Interac e-Transfer: Action Required" Major Canadian Banks CRITICAL
EMAIL "Unusual Login Activity Detected" Credit Unions HIGH
SMS "CRA: Your tax refund is ready" Government Services CRITICAL
EMAIL "Invoice #88291 - Overdue" SME Businesses MEDIUM

Source: Internal Mossfield Lane Intelligence Network

Verification Checkpoints

Before interacting with any digital communication regarding your finances, run through these mandatory verification checkpoints. These protocols are designed to neutralize 95% of common phishing attempts by forcing a technical audit of the message.

  • 1

    Domain Mismatch: Hover over any link to see the actual destination. If it does not end in the official domain (e.g., .com or .ca) of the bank, discard immediately.

  • 2

    Urgency Tactics: Be wary of phrases like "immediate action required" or "account will be suspended." These are designed to trigger emotional responses over logical analysis.

  • 3

    Certificate Check: If you click a link, verify the SSL certificate. Phishing sites often use free "Let's Encrypt" certificates which may not match the corporate identity of the bank.

Immediate Actions for Compromise

If you have already entered credentials into a suspected phishing site, follow these recovery steps immediately:

Step 1

Contact your bank's fraud department via the number on the back of your physical card.

Step 2

Initiate a password reset for all accounts sharing the same credentials.

Step 3

Consult our Identity Protection guide for long-term monitoring.

Strengthen Your Digital Perimeter

Stay informed about the latest threats targeting Edmonton residents. Our database is just one component of a comprehensive security strategy. Review our local resources for tailored advice.

Subscribe to our newsletter

New guides and news straight to your email.