Netflix users targeted in phishing campaign that might be harder to detect

Ah for the good old days when phishers made such stupid spelling or grammatical errors that their lame attempts were easy to spot.

Mohammed Mohsin Dalla writes:

Through FireEye’s Email Threat Prevention (ETP) solution, FireEye Labs discovered a phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States.

This campaign is interesting because of the evasion techniques that were used by the attackers:

  • The phishing pages were hosted on legitimate, but compromised web servers.
  • Client-side HTML code was obfuscated with AES encryption to evade text-based detection.
  • Phishing pages were not displayed to users from certain IP addresses if its DNS resolved to companies such as Google or PhishTank.

Read more on FireEye.

h/t, Joe Cadillic

About the author: Dissent