INKY Finds New Phishing Attack Technique Spoofing Netflix

A report published this week by INKY Technology, a provider of an email security platform, suggested cybercriminals have found yet another way to impersonate the web pages of a popular brand to harvest credentials—this time, it’s Netflix.

INKY discovered instances of malicious HTML attachments compressed in zip files; when opened, the malware rendered a local copy of a web page that looked identical to what an end user would normally encounter online. In the example INKY cited, cybercriminals created a form that appeared to be sent from Netflix to an end user.
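A mail-filtering check for the pattern described above, written here as an added example (it is not INKY's code or detection logic): it opens zip attachments and flags any HTML member that contains a form with a password field. The sender address, file names and sample HTML are constructed, and the form-plus-password heuristic is an assumption of this example.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

FORM_RE = re.compile(rb"<form\b", re.I)
PASSWORD_RE = re.compile(rb"<input\b[^>]*type\s*=\s*[\"']?password", re.I)
MAX_MEMBER_BYTES = 2 * 1024 * 1024  # cap decompressed read per member


def zipped_html_forms(raw_message: bytes) -> list:
    """Return (attachment name, member name) for each HTML file inside a zip
    attachment that contains a form with a password field."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith((".html", ".htm")):
                    continue
                if info.flag_bits & 0x1:  # encrypted member, cannot be inspected here
                    continue
                with zf.open(info) as fh:
                    data = fh.read(MAX_MEMBER_BYTES)
                if FORM_RE.search(data) and PASSWORD_RE.search(data):
                    hits.append((part.get_filename(), info.filename))
    return hits


def build_sample(html: bytes) -> bytes:
    """Constructed test message: one zip attachment holding a single HTML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update.html", html)
    msg = EmailMessage()
    msg["From"] = "billing@brand.example"  # constructed sender
    msg["Subject"] = "Action required"
    msg.set_content("Please complete the attached form.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="account.zip")
    return msg.as_bytes()


PHISH_HTML = b'<html><form><input type="password" name="pw"></form></html>'  # constructed
BENIGN_HTML = b"<html><p>Monthly newsletter</p></html>"  # constructed
```

Password-protected zip members are skipped rather than inspected, so a gateway using a check like this would need a separate policy for encrypted archives.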

All sender email addresses were spoofed to look like they came from Netflix’s actual domain. In actuality, the phishing emails came from a compromised mail server controlled by a Peruvian university, INKY said.

Bukar Alibe, data curator for INKY, said he hoped end users would be suspicious of any zip file sent to them but unfortunately there are likely to be plenty of end users that would be tricked into giving up personally identifiable information (PII), especially if they assumed the request came from an online brand they trust.

Additionally, INKY is advising end users to make sure they are visiting web sites directly and to hover over links to make sure they go to an actual web site rather than a local file.

SMTP servers should also not be configured to accept and forward emails from non-local IP addresses to non-local mailboxes by unauthenticated and unauthorized users, INKY advised.

Brand impersonation is, of course, not a new attack vector. It’s apparent that cybercriminals are experimenting with new techniques they hope will evade existing anti-phishing tools that organizations have implemented. In effect, it’s a continuous arms race between providers of those tools and cybercriminals looking to evade detection, noted Alibe.

It will be up to each individual organization to determine how, and how severely, it will penalize end users for falling victim to phishing attacks. However, as phishing attacks become more sophisticated, they are becoming increasingly difficult for the average end user to detect. In fact, end user cybersecurity training needs to be ongoing so that users can better recognize these attacks. The days when phishing attacks could easily be detected because of misspellings, for example, are long over, noted Alibe.

INKY Technology is making a case for a platform that employs machine learning algorithms to make it easier to discover phishing attacks. Those algorithms may not replace the need to train end users, but they do help lower the chances an end user will be presented with an authentic-looking email through which attacks are introduced into an IT environment.

In the meantime, cybersecurity teams should expect to see the volume of phishing attacks continue to increase during a global economic downturn. After all, the number of individuals inclined to engage in illicit activities always increases any time the opportunities for making money by more legitimate means decline.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
