Phishing threats have evolved over the years as threat actors have found more inventive ways to raise the financial stakes. For example, revenue from BEC and ransomware is estimated well into the billions (USD) on an annual basis, netting threat actors massive profits. Despite this, we still see attacks aimed at PII and credit card details to be leveraged in fraudulent transactions.
One of these recent attacks leveraged a Netflix theme, stating the recipient’s account has been placed on hold until their payment details are updated. The message urged the user to update their payment details by clicking on a link within the message.
Following the link leads to the attacker-controlled and realistically named domain (processingsolution24o[.]com) for credit card “processing”. However, this domain has been registered by the threat actor and is not related to legitimate Netflix billing. If the user enters their card details, they would be posted to a PHP page at otlP[.]su. It appears this site may be a legitimate Russian logistics provider that attackers have likely compromised to use for fraud.
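A defensive check for the pattern described above, as an added example that is not part of the original post: it flags a page that collects card fields on a host outside the brand's own domains, and a form that posts them to yet another host. The hostnames, the field-name hints and the `netflix.com` allowlist are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: field-name fragments that suggest payment-card input.
CARD_HINTS = ("card", "cvv", "cvc", "expir")

class FormCollector(HTMLParser):
    """Collects each <form>'s action and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "select") and self.forms:
            name = a.get("name") or a.get("id") or ""
            self.forms[-1]["fields"].append(name.lower())

def host(url):
    return (urlsplit(url).hostname or "").lower()

def on_brand(hostname, brand_domains):
    # Exact match or a subdomain of an allowlisted brand domain.
    return any(hostname == d or hostname.endswith("." + d) for d in brand_domains)

def audit_page(page_url, html, brand_domains):
    """Return findings for card-collecting forms on, or posting to, unexpected hosts."""
    parser = FormCollector()
    parser.feed(html)
    page_host, findings = host(page_url), []
    for form in parser.forms:
        if not any(h in f for f in form["fields"] for h in CARD_HINTS):
            continue  # not a payment form
        target = host(urljoin(page_url, form["action"]))  # resolves relative actions
        if not on_brand(page_host, brand_domains):
            findings.append(("card-form-off-brand", page_host))
        if target != page_host:
            findings.append(("card-data-posted-cross-host", target))
    return findings

# Constructed sample: a brand-themed billing page on an unrelated host whose
# form posts to a second, unrelated host (placeholder hostnames).
SAMPLE_URL = "https://billing-update.example/account/payment"
SAMPLE_HTML = """
<form method="post" action="https://logistics-site.example/save.php">
  <input name="cardNumber"><input name="cvv"><input name="expiry">
</form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_URL, SAMPLE_HTML, ["netflix.com"]):
        print(finding)
```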
Organizations are focusing much of their attention on the most impactful threats, like BEC, ransomware and credential/data theft, and for good reason. However, it is also important to remember that threats like ID theft and credit fraud still exist, and everyone should take precautions to safeguard themselves against these threats.
What can I do?
- Never follow links in unsolicited email; if you believe the request is legitimate, navigate to the website/portal out of band.
- Monitor card-linked account activity often.
- Avoid using public Wi-Fi for transactions.
- Be careful what you share on social media.
- Be on the lookout for DSD activity as it is often an indicator of fraudulent activity.
- Watch out for card skimmers.