• Why IRONSCALES
  • Platform
    Spring '24 Software Release! Check out our new deep image-based detection, GWS capabilities, and more. Explore the new additions
  • Solutions
  • Learn
    New Report! Osterman Research releases their 2024 findings on Image-based/QR Code Attacks. Read the report
  • Partner
  • Pricing

Netflix is quickly becoming a popular brand for fraudsters to spoof in phishing campaigns.

Neflix has been impersonated by criminals in the last 12 months in various, increasingly sophisticated, scams in an attempt to lull potential victims into a false sense of security, and consequently get their hands on individuals financial information. A move which could not only see people fleeced of their hard earned money, but also lead to wider security issues. Last year a spoofed Netflix email was first identified in January, but continued through the year, urgently warning users that their account had been suspended due to a problem with their billing information and urging them to update their details. Moving into 2018 and the popular streaming brand continues to be plagued by phishers spoofing ‘Netflix’ messages, however the current scam is far more convincing, claiming that the user’s payment method had been declined. If a phishing email, such as this, happens to drop into an employee’s inbox whilst at work this could quickly become a problem for the entire organization.

Not all scams are about stealing credentials

While the current Netflix scams are about stealing users’ credentials and ultimately payment information, not all consumer-focused phishing scams will leave the organization unscathed. The reality is employees will often check personal email accounts during working hours and from business devices. Should a spoofed message contain malware an infection could quickly spread across the network and cripple the enterprise, should it impersonate someone the receiver could be tricked into completing the scammer's tasks.

We’ve seen ransomware bring the NHS, Council Offices, Departments and Services, and many big businesses to their knees as they’ve been left unable to function with their systems encrypted. We’ve even seen bank heists that were possible as the Cobalt Gang infected ATMs from a phishing email. And we’ve seen employee’s wire $billions having been tricked with convincing business email compromise attacks that spoof a CEO, or other high-profile executive, causing an employee to believe the message is legitimate and transfer vast sums of cash to criminals.

Staying safe means being vigilant and working together

As is the case in any phishing incident, vigilance is key. It goes without saying that users must be made aware of the risks and reminded that they should never click a link in an email they believe could be illegitimate. However, while educating users to spot the phisher’s lure is commendable, due to human nature it alone is not enough. Targeted phishing attacks are getting more sophisticated and, no matter how hard you train people, no one is perfect 100% of the time. It only takes a few unaware or preoccupied employees to download or click on a malicious email link or attachment to inadvertently provide attackers with access to sensitive corporate networks and data so it is imperative to help users identify well-crafted impersonation techniques.

This means employing mailbox level detection that tracks user activity to build a picture of what is deemed normal behaviour so that anomalies in communications are easily spotted and automatically flagged as suspicious, in tandem providing an augmented email experience (InMail alerts) and mechanism (report button) to help employees better spot and easily report something amiss in a message ultimately helps protect the enterprise. When a new attack is detected or reported there needs to be an automatic remediation of all infected inboxes in real-time and orchestration with other network and endpoints' to make sure the attack is contained on all levels within the network. Finally, intelligence will help strengthen any phishing defense and thwart attackers.

While Netflix does offer advice to users to report malicious messages, it doesn’t appear to actively share campaigns to generate awareness of messages currently circulating. This is endemic of many companies as there is a lack of real-time phishing intelligence sharing between companies being spoofed, but also those on the receiving end. From a users’ perspective, being able to verify if a message is fraudulent with the organization concerned could be extremely useful, and even the difference between being scammed or not. Similarly, for organizations on the receiving end, harnessing verified email phishing intelligence and event information automatically collected and shared anonymously across multiple organizations would forearm them, allowing proactive defense of their network gateways and endpoints from these increasingly frequent and sophisticated phishing emails. This would reduce risk from dangerous and destructive zero-day attacks, such as ransomware, malware, bots, spam, spoofing, and pharming, among others as forewarned is forearmed.

In the meantime, here are a few quick pieces of advice for someone who thinks they may have received a Netflix, or other spoofed email:

  • Scams like this are often spotted relatively quickly, so keeping an eye on social media, news sites or even perform a quick Google search for warnings
  • Question the messages motives, especially if it pressures you into action, or is offering something too good to be true
  • Never hand over any official information
  • Never click links within the message – instead type a URL directly into the address bar
  • Never click an attachment unless you’re confident the sender is legitimate

If you are even slightly suspicious contact either the ‘Sender’ (in this case Netflix), or if at work, your IT Security Team.

Whether a phishing message targets consumers or employees, the business could get caught in the cross-fire. Learn more about our award-winning products

Eyal Benishti
Post by Eyal Benishti
January 30, 2018