It is being reported today that a Netflix phishing scam that has been circulating for some time has managed to dupe even sophisticated Internet users into providing personal information and has successfully bypassed security software. Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools, comments below.
Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools:
“Part of what makes this scam appear so legitimate is the attackers re-purposing once valid Internet real-estate. Attackers are starting to realize squatting on old, once legitimate domains buys them time to set up and iron out any inconsistencies with their attack infrastructure. This in essence allows the attacker to ‘fly under the radar’ for a period of time. Domain/URL analysis from search engines or security products periodically crawls domains; and at a later time the attacker’s infrastructure will likely be crawled again, resulting in being blacklisted. In between the time the attacker takes control of the once legitimate domain and when search engines/security products re-crawl the site, the attacker has been up, operational, and ironing out any of the problems in their infrastructure.”