Billing Cycle, Last reminder!
@ducklah Nov 2022
During this festive season, HackyClub detected an uptick in a malicious phishing campaign mimicking streaming providers.
Observations
The email claims it is from NETFLIX, with the true sender domain as tosconova[.]com. From our investigation, the domain is associated with ActiveCampaign, which is an email marketing service.
Analysis
Following the link will lead you to myaccount-netflix[.]sytes[.]net which looks very similar to a Netflix webpage to lure victims to enter their credit card information.
Recommendation
HackyClub recommends fellow cyber defenders to perform a back-testing (30 days) with the link in the email to check if there were any users who have accessed the link to determine further actions
Last updated