Security researchers are warning that corporate accounts could be at risk after noting a 78% increase in email impersonation attacks spoofing the Netflix brand since October.
If employees use the same credentials for personal accounts like Netflix as their work accounts, campaigns like this may imperil corporate systems and data, warned Egress.
The group behind this particular campaign is using Unicode characters to bypass natural language processing (NLP) scanning in traditional anti-phishing filters, the security vendor claimed.
“Unicode helps to convert international languages within browsers – but it can also be used for visual spoofing by exploiting international language characters to make a fake URL look legitimate,” Egress wrote.
“For example, you could register a phishing domain as ‘xn–pple-43d.com,’ which would be translated by a browser to ‘аpple.com.’ This is known as a homograph attack.”
Unicode is also used in the sender display names, such as “Netflix” and “help desk.” However, the threat actors didn’t stop there.
“Other obfuscation techniques include trying to break up the text with non-identifiable characters, white on white text, and using characters from different languages to break the NLP’s perception as much as possible,” the vendor continued.
“For example, using two V characters next to one another will be read as two Vs by a machine. But to a person skim-reading, VV looks a lot like W.”
Alongside these techniques, the phishers use classic social engineering tactics, such as rushing the user into action and piggy-backing on current events – in this case Netflix’s introduction of a new ad-tier package.
Although over half (52%) of the emails spotted by Egress use this lure, other subject lines include “Netflix cancellation confirmation” and “Get Unlimited Membership for $0.99.”
The campaign appears to be targeting users in the US and UK primarily.
“The concern for organizations is if an employee has their credentials harvested and uses the same, or very similar, passwords for their work accounts,” Egress concluded.
“Both organizations and individuals also need to be aware how attackers weaponize the 24-hour news cycle to generate new, targeted attacks.”
The vendor said it further highlights the need for advanced anti-phishing tools.
“These attacks are sophisticated and you can’t just rely on training and the human eye,” it added.
