Phishing Scam Targeting Ontario Residents via Fake ServiceOntario Website!!!

Overview

A recent phishing campaign has surfaced targeting Ontario residents, where malicious actors impersonate ServiceOntario to steal personal and financial information. Victims receive fraudulent SMS messages containing urgent warnings about unpaid toll or speed camera fines, directing them to a fake ServiceOntario website. The intent is to trick individuals into entering sensitive credentials.

Attack Method

Phishing SMS Message

Victims receive an alarming text claiming an unsettled toll or radar ticket must be paid immediately to avoid license suspension, demerit points, or legal action.

• The message contains a link to ontario.owsafedriving.cc -- not the official ServiceOntario domain (ontario.ca).
• The tone uses urgency and threats to pressure recipients into acting without verifying the source.
  
  

​

• The payment amount is small (e.g., CAD $9.51) to lower suspicion.
• A “Pay” button leads to a form requesting personal details such as name, address, email, and phone number, information that can be used for identity theft.

Fake ServiceOntario Website ontario.owsafedriving.cc
​

The fraudulent website closely mimics the official ServiceOntario branding, displaying fake payment notices.

​​

Data Harvesting Form
The attackers have created a contact form that collects personal details under the guise of confirming payment. This harvested data can be used for financial fraud, phishing, or sold on underground forums.

Technical Investigation

• VirusTotal Analysis
  The URL ontario.owsafedriving.cc has been flagged by multiple security vendors (Sophos, Forcepoint ThreatSeeker) as phishing and fraudulent content.
  It is confirmed as malicious with a detection ratio of 4/97.

• AbuseIPDB Results
  The IP address 104.21.35.249 is hosted on Cloudflare's Content Delivery Network. While Cloudflare itself is not malicious, threat actors often exploit CDN services to obscure their true hosting location.

Impact

If successful, the phishing campaign could:

• Steal personal identifying information (PII) from victims.
• Facilitate identity theft and financial fraud.
• Lead to further targeted scams using harvested details.

How to Protect Yourself

1. Verify the URL – Always check that the address matches the official government site (ontario.ca).
2. Do Not Click Links in Suspicious SMS Messages – Navigate directly to official websites via bookmarks or search engines.
3. Check for HTTPS and Domain Authenticity – While HTTPS ensures encryption, it does not guarantee legitimacy.
4. Report the Scam – Forward suspicious SMS messages to 7726 (SPAM) and report phishing sites to the Canadian Anti-Fraud Centre.

Conclusion

This case highlights how cybercriminals use urgency, impersonation, and fake payment portals to deceive individuals into revealing sensitive data. Ontario residents should remain vigilant, verify official communication channels, and avoid engaging with unsolicited payment requests.