iStock.com/solarseven

Canada is the second most malware-affected country in the world, with more than 256 million incidents blocked in the second quarter of 2025, according to a quarterly report from NordVPN.

“While no region is safe from cyber threats, some countries recorded particularly high numbers of blocked attacks in the second quarter of 2025,” NordVPN says in a press release.

In particular, cyber insurers in Canada should be paying attention to the malware threat here, shows the report, which analyzed aggregated data from a NordVPN anti-malware and anti-phishing tool to identify the types of threats users most commonly encounter online.

The U.S. led the way for malware attacks by a wide margin, with 280 million in 2025 Q2. Canada followed with 256 million, then the U.K. with 103 million.

As Canadian P&C insurers have reported, online threats continue to rise both in frequency and sophistication, says NordVPN chief technology officer Marijus Briedis. “Cybercriminals deliberately exploit users’ trust in well-known brands and their everyday online habits to gain access to sensitive data as unnoticed as possible.”

The number of blocked malware threats increased by 6.4% compared to 2025 Q1. Malware detection reached its peak in May, when 1.2 billion threats were identified and blocked.

Brand impersonation

Impersonation of well-known brands remains a widespread tactic among cybercriminals, which increasingly affects internet users in Canada as well. Google is the most impersonated brand, with over 200,000 malicious websites. Other frequently faked brands include Yahoo!, Telegram, Steam, and Amazon.

Files (extensions) most likely to harbour malware are .exe files with 181,008 threats, followed by .zip and .dll. The highest malware prevalence is found on video hosting platforms, streaming services, and content delivery networks.

Unlike zero-day exploits and bugs, malware is not present on machines from the get-go — it must be actively brought onto your device, such as by downloading an infected file. One of the most common ways to get infected with malware is through phishing attacks. Scammers use deceptive misspellings of popular brands (such as spelling ‘Amazon’ as ‘Arnazon’) to trick victims into clicking phishing links and downloading infected files.

“In fact, 99% of all phishing attacks use just 300 brands for deception,” the report says.

“Through convincingly fake phishing websites or manipulated downloads, fraudsters attempt to fain access to sensitive credentials such as passwords or payment information,” the release says. “For users in Canada, this means that a single click on a fake site can have severe consequences.”

Briedis offers five practical tips to protect against online threats:

  • Use strong passwords and MFA — Use a unique password for each account and enable multi-factor authentication
  • Be wary of ‘free’ offers— Free video hosting sites often contain malware. Be especially vigilant with unknown domains
  • Check links — Check suspicious links for URLs and spelling first
  • Verify downloads — Only download files from trusted sources and scan them with cybersecurity tools
  • Keep software up to date — Regularly update operating systems, applications, and security software to close vulnerabilities.

Subscribe to our newsletters

Subscribe Subscribe

Jason Contant

Jason has been an award-winning journalist with Canadian Underwriter for more than a decade, including the past three years as associate editor and, before that, as digital editor for seven years.