The Perception Point Incident Response Team uncovered an interesting trend this week. It found a major increase (250%) in the number of Netflix scams this quarter compared to last quarter.
So the team investigated and found many (but not all) originated with one Netflix phishing kit.
One-Second Overview
Here we take a deep dive into the phishing kit to unpack all it’s hidden evasive methods.
The attacker sends an email pretending to be from Netflix. The email is meant to create a sense of fear and urgency by stating that the account will be paused immediately unless the user takes action. When in a state of fear, people are more likely to take action (without much research first.)
Before users can update their credit card information, they must first sign in. As you can see, the attacker perfectly spoofed a Netflix sign-in page.
Once logged in, the user is shown the payment page where they can put in their credit information.
One-Second Phishing Kit Overview
The market for phishing kits has both expanded in value and diversified over the last year. Here’s why they
For example, DIY cybercrime packages are averaging out at $304 per item last year. That’s compared to an average of just $122 in 2018, according to a study by threat intel firm Group-IB.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras fermentum dolor sed elit ultricies, auctor euismod dui tempus. Vivamus volutpat, mi et fermentum vestibulum, turpis ex faucibus tortor, et mollis arcu orci id neque.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras fermentum dolor sed elit ultricies, auctor euismod dui tempus. Vivamus volutpat, mi et fermentum vestibulum, turpis ex faucibus tortor, et mollis arcu orci id neque.
Perception Point Catches All Evasion Methods Used in Phishing Kits
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras fermentum dolor sed elit ultricies, auctor euismod dui tempus. Vivamus volutpat, mi et fermentum vestibulum, turpis ex faucibus tortor, et mollis arcu orci id neque.