During this festive season, HackyClub detected an uptick in a malicious phishing campaign mimicking streaming providers.

Observations

The email claims it is from NETFLIX, with the true sender domain as tosconova[.]com. From our investigation, the domain is associated with ActiveCampaign, which is an email marketing service.

Analysis

Following the link will lead you to myaccount-netflix[.]sytes[.]net which looks very similar to a Netflix webpage to lure victims to enter their credit card information.

Recommendation

HackyClub recommends fellow cyber defenders to perform a back-testing (30 days) with the link in the email to check if there were any users who have accessed the link to determine further actions