Billing Cycle, Last reminder!

@ducklah Nov 2022

During this festive season, HackyClub detected an uptick in a malicious phishing campaign mimicking streaming providers.


The email claims it is from NETFLIX, with the true sender domain as tosconova[.]com. From our investigation, the domain is associated with ActiveCampaign, which is an email marketing service.


Following the link will lead you to myaccount-netflix[.]sytes[.]net which looks very similar to a Netflix webpage to lure victims to enter their credit card information.


HackyClub recommends fellow cyber defenders to perform a back-testing (30 days) with the link in the email to check if there were any users who have accessed the link to determine further actions

Last updated