: Check the sender's email address for inconsistencies or "look-alike" domains.

The file is typically distributed through , where it is attached to emails disguised as legitimate business documents, such as invoices, shipping notifications, or order confirmations. Its name is designed to appear innocuous or related to Canadian business entities to lower the recipient's defenses. Technical Analysis of the Threat

: Attackers often password-protect these archives (using common passwords like "1234" or "password" provided in the email body) to prevent automated antivirus scanners from inspecting the contents. Security Recommendations