January 19, 2024

Threat feed week 3: Netflix, QuickBooks, postal and banking impersonations


Netflix impersonation

“Your membership has expired!”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 17.01.2024

In this phishing email, the attacker tries to get the recipient's banking details by impersonating Netflix.


The visual appearance of the message makes it quite convincing. However, it can be identified as a phishing email by its sense of urgency and because the message does not come from the netflix(.)com domain.

Analyst: Wivi Koenkytö
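The two tells named above (a brand in the header text with a sender domain that is not the brand's, plus urgency wording) can be checked mechanically. The following is an added example, not Hoxhunt's code; the phrase list, function names and sample messages are constructed assumptions, and only netflix.com comes from the article.

```python
from email import message_from_string
from email.utils import parseaddr

# Legitimate sender domain per brand. netflix.com comes from the article;
# extend with your own verified entries.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}
# Constructed phrase list (assumption); "has expired" echoes the quoted subject.
URGENCY_PHRASES = ("has expired", "within 24 hours", "immediately", "suspended")

def domain_matches(domain, allowed):
    """True only for an allowed domain or a real subdomain of it."""
    # "netflix.com.billing.example" fails: the brand is a prefix, not the suffix.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def assess(raw):
    """Return a list of findings for a plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    headers = f"{display} {msg.get('Subject', '')}".lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Brand named in display name or subject, but sender domain is not the brand's.
        if brand in headers and not domain_matches(domain, allowed):
            findings.append(f"brand-domain-mismatch:{brand}")
    if any(p in (headers + " " + body.lower()) for p in URGENCY_PHRASES):
        findings.append("urgency")
    return findings

# Constructed sample messages (not taken from the campaign).
PHISH = (
    "From: Netflix <support@netflix.com.billing-update.example>\n"
    "Subject: Your membership has expired!\n\n"
    "Update your payment details within 24 hours.\n"
)
LEGIT = (
    "From: Netflix <info@mailer.netflix.com>\n"
    "Subject: New arrivals this week\n\n"
    "See what's new.\n"
)

if __name__ == "__main__":
    print(assess(PHISH))
    print(assess(LEGIT))
```

The From header can be forged, so this check complements SPF, DKIM and DMARC results rather than replacing them.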

QuickBooks impersonation

"Payment Processed: Your Subscription is Now Active"

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Global

Date: 18.01.2024

This email impersonates QuickBooks. It attempts to create a scenario where the recipient ordered a Business Essentials Plan from QuickBooks.

To cancel the order, the recipient has to call a malicious phone number.

Analyst: Kaarlo Mahlberg

Vero impersonation

"Important Information on Tax Refunds"

Hox rating: ★★✩✩

Threat type: Advanced

Payload: Malicious link

Region: Finland

Date: 15.01.2024

This phishing email impersonates Verohallinto, the Finnish tax authority. The email suggests that the recipient has unclaimed tax refunds and urges the recipient to view the refunds by clicking the link in the email.

Merkitsevä Tiedote Veronpalautuksista

The link then leads the recipient to a fake Vero page that asks for the recipient's payment information.

Analyst: Kaarlo Mahlberg

Posti impersonation

"Shipping delivery error message"

Hox rating: ★★★✩

Threat type: Advanced

Payload: Malicious link

Region: Finland

Date: 16.01.2024

"We are sorry to inform you that your parcel delivery failed. A new delivery company requires payment of a delivery fee."


In this advanced campaign, the attacker tries to get the recipient's banking details by impersonating Finland's well-known postal service. The body of the message is very convincing, but the clumsy language and sense of urgency reveal that this is actually a phishing campaign.

Analyst: Wivi Koenkytö

Danske Bank impersonation

"You have (1) important message in your secure mailbox"

Hox rating: ★★✩✩

Threat type: Advanced

Payload: Malicious link

Region: Finland

Date: 17.01.2024

"You have (1) important message in your secure mailbox. To see it, click on the link below: More information."


In this phishing email, the attacker impersonates Danske Bank to get the recipient to hand over their banking credentials and personal details.

Analyst: Wivi Koenkytö
