December 29, 2023

Threat feed week 52: Netflix, UPS, and Ledger impersonations


Netflix impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Date: 23.12.2023

In this phishing email, the recipient is told that their payment details need to be updated in order to continue their Netflix subscription.

The recipient is given a link to a website where they are prompted to enter their credentials, which go to the attacker.

Analyst: Wivi Koenkytö

UPS impersonation

Hox rating: ★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 26.12.2023

In this phishing email, the attacker tries to fool the recipient by claiming that their package is waiting for delivery.

The quality of the visuals is poor and this is an unexpected message for the recipient, making the attack very ineffective. The link embedded in the message leads to a credential harvester.

Analyst: Wivi Koenkytö

Die Post: Swiss National Post impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Date: 22.12.2023

"You have an Ab package from manor.ch (a Swiss department store chain) that is still pending delivery. Claim package."

In this phishing email, the attacker tries to get the recipient's credentials by claiming that they have an incoming package which requires their attention. The embedded link leads to a credential harvester.  

Analyst: Wivi Koenkytö

Wells Fargo impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 27.12.2023

In this phishing email, the attacker uses a Google Drive sharing feature as a technique to make the message seem like a legitimate email from the Wells Fargo Bank. However, it is extremely suspicious that a financial services company would send something via Google Drive.

Once the recipient opens the link, they see that it is actually a phishing campaign: it contains a PDF file of poor quality and low credibility.

Analyst: Wivi Koenkytö

Ledger impersonation

Hox rating: ★★✩✩

Threat type: Advanced

Payload: Malicious link

Region: Europe

Date: 28.12.2023

In this phishing email, the attacker utilizes real-life events to trick the recipient into giving their credentials and possibly money. The company in question has recently informed its service users of vulnerabilities in their application, which the attacker now uses to convince the recipient to follow their guidance.  

The link is actually malicious and leads to a credential harvesting website.  

Analyst: Wivi Koenkytö

Microsoft impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Embedded credential harvester

Region: Global

Date: 28.12.2023

In this phishing email, the attacker has embedded a credential harvester directly into the email body. Because the email gives the recipient no other information about its content, they are pushed into entering their credentials without even realizing it.

Analyst: Wivi Koenkytö

Osuuspankki – Finnish bank impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Finland

Date: 28.12.2023

"Dear customer, We are obliged to ensure that your bank details are up to date. That's why we ask you to update your information by answering a few questions. We recommend updating your information immediately so you don't have to worry about it later."

In this phishing email, the attacker tries to get the recipient's bank details by impersonating a well-known Finnish financial company. As people tend to be very cautious with their banking information, this message provokes a sense of worry, which is why it works as an effective phishing technique.

Analyst: Wivi Koenkytö

Keep up with the threat feed

Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!
