Request a demo
publishing date icon
January 19, 2024
read time icon
5 min. read

Threat feed week 3: Netflix, QuickBooks, postal and banking impersonations

Author image
Threat Analyst Team
Post hero image

Table of contents

Netflix impersonation

“Your membership has expired!”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 17.01.2024

In this phishing email, the attacker tries to get the recipient's banking details by impersonating Netflix.

Netflix impersonation

The visual appearance of the message makes it quite convincing. However, it can be identified as a phishing email since there is a sense of hurry and the message does not come from the netflix(.)com domain.

Analyst: Wivi Koenkytö

QuickBooks impersonation

"Payment Processed: Your Subscription is Now Active"

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Global

Date: 18.01.2024

This email impersonates QuickBooks. It attempts to create a scenario where the recipient ordered a Business Essentials Plan from QuickBooks.

To cancel the order, the recipient has to call a malicious phone number.

Analyst: Kaarlo Mahlberg

Vero impersonation

"Important Information on Tax Refunds"

Hox rating: ★★✩✩

Threat type: Advanced

Payload: Malicious link

Region: Finland

Date: 15.01.2024

This phishing email is impersonating Verohallinto, the Finnish tax authority. The email suggest that the recipient has unclaimed tax refunds and urges the recipient to go and see the refunds by clicking the link on the mail.

Merkitsevä Tiedote Veronpalautuksista

The link then leads the recipient to a fake Vero page and asks for recipients payment information.

Analyst: Kaarlo Mahlberg

Posti impersonation

"Shipping delivery error message"

Hox rating: ★★★✩

Threat type: Advanced

Payload: Malicious link

Region: Finland

Date: 16.01.2024

"We are sorry to inform you that your parcel delivery failed. A new delivery company requires payment of a delivery fee."

Posti impersonation

In this advanced campaign, the attacker tries to get the recipient's banking details by impersonating Finland's well-known postal service. The body of the message is very convincing, but the clumsy language and sense of urgency reveals that this is actually a phishing campaign.  

Analyst: Wivi Koenkytö

Danske Bank impersonation

"You have (1) important message in your secure mailbox"

Hox rating: ★★✩✩

Threat type: Advanced

Payload: Malicious link

Region: Finland

Date: 17.01.2024

"You have (1) important message in your secure mailbox. To see it, click on the link below: More information."

Danske Bank impersonation

In this phishing email, the attacker impersonates Danske Bank in order to get the recipient to give their banking credentials and personal details to the attacker.  

Analyst: Wivi Koenkytö

Keep up with the threat feed

Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to All Things Human Risk

Subscribe to our newsletter for a curated digest of the latest news, articles, and resources on human risk and the ever-changing landscape of phishing threats.

We're committed to your privacy. Hoxhunt uses the information you provide to us to contact you about our content, products, and services. You may unsubscribe from these communications at anytime. For more information, check out our Privacy Policy.