Recently we could see one network security issue with one of the bigger players in digital content. Netflix, with its 86 million users worldwide (Wiki, 2017), are a natural component for criminals to use for their online scheming. Recently the company Firefly used their Email Threat Detection (ETP) tool (Firefly, 2017) to detect an email phishing scheme aimed at Netflix users. What the company discovered were some professionally designed phishing emails taking the victims to an online site asking them to update their billing information.

“This campaign is interesting because of the evasion techniques that were used by the attackers” (Dalla, 2017) said the investigator, and listed out three aspects that separated this phishing campaign from others:

  • The phishing pages were hosted on legitimate, but compromised web servers.
  • Client-side HTML code was obfuscated with AES encryption to evade text-based detection.
  • Phishing pages were not displayed to users from certain IP addresses if its DNS resolved to companies such as Google or PhishTank

As you can see from their technique, they took educated steps in order for them to avoid being detected longer than “typical” phishing schemes.

 

Wikipedia (2017) Netflix
https://en.wikipedia.org/wiki/Netflix (Accessed: 12 January 2017)

Firefly (2017) Email Security
https://www.fireeye.com/products/ex-email-security-products.html (Accessed: 12th January 2017)

Dalla, M. (2017) Credit Card Data Targeted
https://www.fireeye.com/blog/threat-research/2017/01/credit_card_dataand.html (Accessed: 12th Januar 2017)