February 9, 2024

Threat feed week 6: Netflix, MetaMask, Geek Squad and other impersonations

Microsoft impersonation: "Your mailbox has reached its capacity"

“Resolve Now: Limited Storage Preventing Email Activity”

Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 02.02.2024

In this phishing email, the attacker impersonates a Microsoft mailbox notification in order to increase the email's credibility. The link leads to a credential harvester.

Analyst: Wivi Koenkytö

Netflix impersonation

“RE: Your membership has expired!”

Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 06.02.2024

In a follow-up to a phishing campaign from a couple of weeks ago, this Netflix impersonation claims there is a failure with subscription renewal.

However, the email isn't legitimate: the sender domain is not affiliated with the service.

Analyst: Sampo Lenkola

SharePoint impersonation

“[RECIPIENT COMPANY] Financial report and Cash Flow Statement”

Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 07.02.2024

This email pretends to be a SharePoint notification informing the recipient about a shared file.

The file is named "Financial Report & Cash Flow Statement" in order to arouse curiosity and trick the recipient into clicking the 'Open' button, which hides a malicious link.

Analyst: Siiri L.

MetaMask impersonation

"🚨 Join the Elite $MASK Holders Now!"

Hox rating: ★★★✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Finland
Date: 07.02.2024

This email impersonates MetaMask, claiming that as a dedicated user, the recipient is entitled to free $MASK tokens during the airdrop.

To claim the tokens, the recipient is urged to click the malicious 'Claim $MASK' button to secure their wallets.

Analyst: Siiri L.

DHL impersonation

"DHL Express: Notice of unsettled duty dee for package delivery"

Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 08.02.2024

This phishing email impersonates DHL Express. The attacker claims that the recipient has not paid a delivery fee and their package cannot be delivered.

The recipient is asked to pay the amount on a 'secure' website, which is actually a malicious site.

Analyst: Siiri L.

Geek Squad impersonation

"Welcome to Your Premium Experience"

Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious phone number
Region: Finland
Date: 08.02.2024

This email is impersonating Geek Squad. The email claims that the recipient's premium subscription has been activated. If the recipient didn't authorize this subscription, they should call the number provided in the email.

After they call the number, the malicious actor attempts to gain financial and personal information from the recipient.

Analyst: Kaarlo Mahlberg
