Netflix Phishing Scams Rise by 250% in 3 Months
2021-03-16 21:21:17 Author: perception-point.io

The Perception Point Incident Response Team uncovered an interesting trend this week. It found a major increase (250%) in the number of Netflix scams this quarter compared to last quarter.

So the team investigated and found that many (but not all) originated with one Netflix phishing kit.

One-Second Overview

Three Attacks in One Kit. Multiple evasion techniques per attack.

Here we take a deep dive into the phishing kit to unpack all its hidden evasive methods.

Netflix Login Phishing Scheme Dissected

STAGE 1. Creating Fear

The attacker sends an email pretending to be from Netflix. The email is meant to create a sense of fear and urgency by stating that the account will be paused immediately unless the user takes action. When in a state of fear, people are more likely to take action (without much research first).

  • Subject Line. “Check your status N E T F L I X.” The attacker is hoping the recipient won’t be bothered by the spaces between the letters, which are there to bypass legacy security tools.
  • Email Sender Display Name. “Netflix” is written in special characters (Unicode characters trick email security solutions and bypass common spam and anti-phishing filters).
  • Brand Image. Netflix logo
  • CTA. Update Payment Information
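
A defender-side check for the two header tricks listed above (letter-spaced subject, display name in special Unicode characters), added here as an example and not taken from Perception Point's product or the kit. The brand table, the trusted domain and the sample headers are assumptions constructed for illustration, and header values are assumed to be already MIME-decoded.

```python
import re
import unicodedata
from email.utils import parseaddr

# Assumption: brand -> sender domains the organisation treats as legitimate.
BRANDS = {"netflix": {"netflix.com"}}

def skeleton(text: str) -> str:
    """Fold a header value to lowercase ASCII letters and digits only."""
    # NFKC maps compatibility forms (fullwidth, mathematical styles) to plain letters.
    folded = unicodedata.normalize("NFKC", text)
    # Decompose and drop combining marks so accented letters lose their accents.
    folded = "".join(c for c in unicodedata.normalize("NFKD", folded)
                     if not unicodedata.combining(c))
    # Removing spaces and punctuation rejoins letter-spaced words.
    return re.sub(r"[^a-z0-9]", "", folded.casefold())

def check_headers(subject: str, from_header: str) -> list[str]:
    """Return findings for brand names that are obfuscated or sent from an untrusted domain."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domains in BRANDS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        for field, value in (("subject", subject), ("display-name", display)):
            if brand not in skeleton(value):
                continue
            # Brand appears only after folding: the sender disguised it.
            if brand not in value.casefold():
                findings.append(f"{field}: obfuscated '{brand}'")
            if not trusted:
                findings.append(f"{field}: '{brand}' from untrusted domain {domain}")
    return findings

# Constructed sample: fullwidth letters stand in for the "special characters".
FULLWIDTH_NAME = "".join(chr(ord(c) + 0xFEE0) for c in "Netflix")
SAMPLE_SUBJECT = "Check your status N E T F L I X"
SAMPLE_FROM = f"{FULLWIDTH_NAME} <billing@example.test>"

if __name__ == "__main__":
    for finding in check_headers(SAMPLE_SUBJECT, SAMPLE_FROM):
        print(finding)
```

NFKC folding does not cover cross-script look-alikes such as Cyrillic letters, which need a confusables table on top of this check.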

STAGE 2. Robbing Netflix Credentials

Before users can update their credit card information, they must first sign in. As you can see, the attacker perfectly spoofed a Netflix sign-in page.

STAGE 3. Stealing Credit Card Information

Once logged in, the user is shown the payment page where they can enter their credit card information.

One-Second Phishing Kit Overview

Phishing Kits

The market for phishing kits has both expanded in value and diversified over the last year. Here’s why they

Lucrative

For example, DIY cybercrime packages averaged $304 per item last year. That’s compared to an average of just $122 in 2018, according to a study by threat intel firm Group-IB.

High Demand

Perception Point Catches All Evasion Methods Used in Phishing Kits

Source: https://perception-point.io/netflix-phishing-scams-rise-by-250-in-3-months/