Fraudsters have become creative in disguising dangerous links and attachments in email. Canadian firms may be falling for the scams more often than those in other countries. The analysis by Proofpoint found nearly 100 criminal cyber campaigns that targeted Canada between Jan. 1 and May 1 this year. One type of malware noted by Proofpoint was DanaBot, which has been used to send out Canada Post-themed lures. People who get such emails may be in danger of downloading software that could grab passwords. Or send more fraudulent spam messages to reach more victims, or lock out access to system files. Last year, cybersecurity firm Darktrace found its Canadian clients were about three times as likely to download malware compared with clients in other countries. Kalember said criminals also use specific information about their targets that has been accumulated through many years of database breaches. That means hackers have many examples of how companies send internal messages, which people are in a position of authority, and even a record of old passwords that provide clues to new passwords. Once fraudsters have figured out a key person's password, they can wreak havoc on a company by impersonating a supervisor.