Phishing in Canada: Alarming Numbers
According to the Canadian Anti-Fraud Centre, losses from email fraud exceeded $530 million in 2024, a historic record. Quebec alone accounts for more than 25% of reported cases.
Businesses are not spared. A Statistics Canada study reveals that 1 in 5 SMBs fell victim to a successful phishing attempt in 2024. The hardest-hit sectors: healthcare, financial services, and retail.
In 2025, the trend is accelerating. Artificial intelligence enables fraudsters to create emails that are nearly impossible to distinguish from genuine ones, even for experienced professionals.
The 4 Most Common Types of Attacks
- Supplier impersonation, The fraudster poses as a known supplier (Bell, Hydro-Quebec, Desjardins) and sends a fake invoice or payment link.
- Spear phishing, A personalized attack targeting a specific employee, often with internal details (boss's name, project number) found on LinkedIn.
- CEO fraud, An email seemingly from the director requests an urgent and confidential wire transfer. In 2024, this technique cost Canadian businesses over $72 million.
- Fake login portal, A link leads to a perfect copy of the Microsoft 365, Google, or banking site. The user enters their credentials without suspecting a thing.
Why Spam Filters Are No Longer Enough
Traditional spam filters (SPF, DKIM, DMARC) verify that the email came from the declared server. But they cannot detect a fraudulent email sent from a compromised legitimate server, which accounts for 40% of attacks in 2025.
Moreover, AI-generated emails pass content filters because they don't contain the classic "suspicious keywords." They are grammatically perfect, contextually relevant, and personalized.
The Secret Phrase: A Protection AI Cannot Bypass
The principle behind CodeMail is simple yet devastatingly effective: each customer receives a unique personal code that appears in all genuine emails from the business.
A fraudster can perfectly imitate the design, tone, and even the sender address. But they can never know the secret phrase assigned to each recipient, because that code is stored only in the business's secure database.
Result: the customer verifies their code in 2 seconds. If it's missing or incorrect, the email is a fraud. Period.
Protecting Your Customers Means Protecting Your Reputation
When a customer is tricked by a fake email bearing your company's name, it's your image that suffers. Even if you had nothing to do with it.
Businesses that integrate CodeMail send a clear message: "We take our customers' security seriously." It's a competitive advantage, especially in regulated sectors like healthcare and finance.
Want to protect your emails?
Register your secret phrase for free and verify every email in 1 second!
Sign up for free →