Criminals are siphoning millions of dollars out of the Canadian economy each year, using new technologies such as AI.Christopher Katsarov/The Globe and Mail
Montreal-based cybercrime research firm Flare Systems Inc. has identified a new threat actor targeting Canadians with toll and parking scams such as one involving text messages purporting to be from the 407 Express Toll Route in Ontario.
Flare has dubbed the fraud group PayTool and says that it has identified more than 900 potential victims and 37 websites associated with the scam.
Armed with new technologies such as artificial intelligence and virtual currencies, criminals are siphoning millions of dollars out of the Canadian economy each year.
Canadians reported $544-million of losses to the Canadian Anti-Fraud Centre in the first nine months of 2025, according to the most recent data available. At that rate, it’s likely that last year’s reported fraud losses surpassed the $645-million reported to the centre in 2024. According to the agency, its figures represent just 5 to 10 per cent of all fraud.
Canada urged to not sign ‘deeply flawed’ UN cybercrime treaty
Financial institutions facing insider threats from rogue employees accessing client data
PayTool appears to have been ramping up its activity in recent months, according to Flare.
“We very strongly believe that the people behind this particular group or these scams are actually Canadian-based, or have some link to Canada itself,” said Adrian Cheek, a senior cybercrime researcher at Flare.
That’s because the scammers are targeting their efforts to potential victims based on their area codes, Mr. Cheek said.
The scam begins with an unsolicited text message from a Canadian phone number claiming that the recipient has failed to pay a parking fine or a toll. Usually the request is for a nominal amount of money.
The text message typically threatens late fees, license suspension or legal repercussions if the fee isn’t paid, and includes a link to a fake website resembling the agency being impersonated, such as the 407 ETR or the province of British Columbia.
When users go to pay the fine, they’re prompted to enter sensitive information such as their credit card or driver’s license numbers. The scammers can then either sell the data they’ve collected, or use the victim’s banking information to make purchases.
Mr. Cheek said it can be challenging for telecoms to identify and stop fraudulent text messages.
“It’s very difficult for the telcos to isolate a group of scammers within that massive number of text messages being sent per day, unless they have specific information to point them in a specific direction,” he said.
“It’s essentially a game of looking for needles in a stack of needles.”
Last year, a coalition of telecoms, financial institutions, technology companies and other organizations came together to create the Canadian Anti-Scam Coalition, with the aim of tackling the increasingly pervasive problem of scams.
When the coalition was launched, Anthony Ostler, president and chief executive officer of the Canadian Bankers Association, spoke about the importance of preventing scammers from reaching potential victims by blocking fraudulent websites, text messages or phone calls.
Mr. Cheek said Flare plans to share its findings with telecoms and law enforcement.
Canadian securities regulators, meanwhile, have been working with a third-party technology service provider to take down websites peddling investment scams.