• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Netflix Phishing Emails Surge 78%

You are here: Home / General Cyber Security News / Netflix Phishing Emails Surge 78%
November 18, 2022

Security scientists are warning that corporate accounts could be at risk following noting a 78% enhance in email impersonation attacks spoofing the Netflix brand considering that October.

If personnel use the very same credentials for personal accounts like Netflix as their operate accounts, strategies like this may perhaps imperil company techniques and facts, warned Egress.

The team guiding this certain campaign is utilizing Unicode people to bypass normal language processing (NLP) scanning in traditional anti-phishing filters, the security seller claimed.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“Unicode helps to change worldwide languages within just browsers – but it can also be applied for visible spoofing by exploiting worldwide language characters to make a pretend URL search genuine,” Egress wrote.

“For illustration, you could sign up a phishing area as ‘xn–pple-43d.com,’ which would be translated by a browser to ‘аpple.com.’ This is known as a homograph attack.”

Unicode is also employed in the sender show names, these kinds of as “Netflix” and “help desk.” Having said that, the danger actors didn’t quit there.

“Other obfuscation procedures contain making an attempt to break up the text with non-identifiable figures, white on white textual content, and employing people from distinctive languages to break the NLP’s notion as a lot as doable,” the seller continued.

“For case in point, making use of two V figures next to a person a further will be study as two Vs by a machine. But to a man or woman skim-studying, VV seems a whole lot like W.”

Along with these techniques, the phishers use classic social engineering strategies, these as dashing the user into motion and piggy-backing on existing events – in this situation Netflix’s introduction of a new ad-tier deal.

Despite the fact that about half (52%) of the email messages noticed by Egress use this entice, other subject matter traces consist of “Netflix cancellation confirmation” and “Get Endless Membership for $.99.”

The marketing campaign seems to be concentrating on end users in the US and UK mainly.

“The concern for businesses is if an employee has their qualifications harvested and utilizes the very same, or quite identical, passwords for their perform accounts,” Egress concluded.

“Both corporations and men and women also have to have to be mindful how attackers weaponize the 24-hour news cycle to deliver new, specific attacks.”

The vendor claimed it even further highlights the want for highly developed anti-phishing tools.

“These attacks are subtle and you can’t just depend on coaching and the human eye,” it additional.


Some elements of this article are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Hive Ransomware Has Made $100m to Date
Next Post: Russian Duo Indicted Over E-Book Piracy Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.