Pangolin Store

TeamRed Roundup: Netflix Phishing and the Amnesty International Attack

TeamRed Roundup: Netflix Phishing and the Amnesty International Attack

A new Netflix scam appears

Old tricks still work for cybercriminals even in an age of increased awareness of security risks. 

According to US authorities, there is a new phishing scam that is targeting Netflix subscribers. Malicious actors are using a classic play, sending emails to users claiming that their subscriptions to the video-streaming giant would be put on hold unless they updated their payment methods.

If you receive such emails, be it from Netflix, Microsoft, Google, Blizzard Entertainment, or any other services you may subscribe to, make sure that it’s legitimate. Don’t trust the email even if it seems to come from a real address.

The best way to stay safe is to get in touch with customer support through links found on their official websites. All it takes is an email or a call. Don’t let the lazy criminals get an easy win!

Source: Threat Post

North Korean defectors have their data stolen

North Korean defectors already put themselves through a lot of danger, but it seems that some of them continue to be at risk due to a cybersecurity failure.

It’s been reported that a South Korean settlement center had one machine that was infected by malware, and this code allowed hackers to steal the data of almost 1,000 defectors.

Their families back in North Korea may be at risk, but let’s hope for the best. North Korea is known to have some of the most skilled hackers out there.

Source: BBC

2FA may have failed Amnesty International 

Two attacks on Amnesty International, which resulted in the theft of victim information, were the result of two factor authentication (2FA) being easily bypassed.

Those responsible for the attack showed advanced attack strategies, which included setting up websites that closely mirrored legitimate ones. Some of the victims were fooled into sharing their passwords under the notion that they needed to do so to protect themselves. They even put up a Google page that provided SMS codes.

Attacks like these are especially troubling because of the vulnerable nature of the victims. We hope that the information stolen doesn’t lead to danger from governments or other outside forces.

Source: SC Magazine

Join the Pangolin Community

Sign up to get notified about our latest blog posts, and get updates about Pangolin!