.png)
With people spending an unprecedented amount of time at home given COVID-19, Netflix and other home-based entertainment usage is at an all-time high. Consequently, hackers are finding new ways to target their victims using phishing attacks and Office 365.
Most companies are upgrading their Outlook to Office 365. Hackers who can obtain specific e-mail addresses are using it to target select victims. This has not been caught within the bulk email filters of the Office 365 Exchange Online Protection (EOP). At times, phishing attacks are cleverly implemented and not identified by the network firewall systems.
Hackers are cleverly using phishing attacks to hit Netflix subscribers. (Phishing attacks comprise a longstanding tradition. However, the way hackers exploit phishing attacks becomes increasingly mischievous.)
Hackers are now creating credit card phishing emails. These can land in a company’s Outlook inbox claiming to come from Netflix with a warning that the user’s streaming service account is being put on hold. * A request to re-enter credit card details is being asked of the targeted victims. This is to steal their credit card information. Using improvised language and correct customer service phone numbers to make these emails look more legitimate is how hackers carry out their designed attack.
As Gulf News reports on the COVID factor regarding cybercrime: “The sudden shift to working from home opened up security gaps for hackers.” ** Because of COVID-19, most employees are teleworking and trying to chaperone their kids during the day. As a result, families across the U.S. are using Netflix more and more to entertain their kids so they can work. Hackers are very much aware of this and are hence targeting Netflix users to bankroll their initiatives. For those hackers able to have the end user click on the URL provided within the body of the e-mail, the link in the e-mail allows the attackers to enter their credit card details. This leaves the information vulnerable to being relayed back to the hackers, not be flagged by the e-mail system’s endpoint protection service or be blocked as a malicious link.
An example of hackers becoming a steward of proper language is that the hackers are now including typical language that Netflix would use to let a customer know that something is wrong with their account. Never discount a hacker’s attempt to achieve their objective when they can study proper wording that Netflix typically uses.
The emails are cleverly combined with techniques to stress the urgency of the matter to the targeted user. This is so the user will act on the matter as soon as possible. There have already been cases identified in which the attack was successful. These instances are now being investigated by various security companies to study and detect the ways the e-mails are being cleverly devised. Given this, you can expect more of this type of attack since success equals more money for the hacker. Basically, it goes back to Security Awareness Training 101. If the end user suspects they have received an ambiguous e-mail or phishing email, it pays to perform due diligence and check out every word within the body of the e-mail so that you don’t become the next victim.