Using a mix of invisible and lookalike characters, this phishing attack attempts to get past security scanners by obfuscating both email content and domain names.
Last month we covered a Netflix-related phishing attack claiming the recipient’s account had been suspended. According to email security vendor Egress, this attack, and others like it, have resulted in a massive uptick in phishing attacks impersonating the on-demand video giant. Over half of the attacks (52%) mention Netflix’s new ad-supported membership tier to add legitimacy and drive engagement from potential victims.
According to Egress, the attackers use rare Unicode characters “that the linguistic engines of many secure email gateways (SEGs) are unable to pick up on.” Egress gives two examples: a homograph attack, where the domain is registered using international characters and looks like ‘xn--pple-43d.com’ in its raw form but is displayed by a browser as ‘аpple.com’; and Unicode characters inserted into email subjects to evade scanning engines, as in the example below, where the otherwise hidden characters have been made visible:
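As an added example (not code from the article or from Egress), here is a small Python check a mail filter could run against the two tricks described: it decodes an xn-- (punycode) sender domain to the form a browser would show and flags labels that mix scripts, and it strips invisible characters from a subject line so keyword matching sees the real text. The sample subject, the character list and the function names are constructed for this example.

```python
import unicodedata

# Zero-width and similar characters that render as nothing but break up
# keywords (e.g. "Netflix") so a naive string match in a scanner misses them.
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad"}

def decode_idna(domain: str) -> str:
    """Convert each 'xn--' (ACE) label to the Unicode form a browser may display."""
    labels = []
    for label in domain.split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def script_of(ch: str) -> str:
    """Coarse script from the Unicode name: 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'."""
    if not ch.isalpha():
        return "COMMON"  # digits, '-' and '.' belong to no particular script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def mixed_script_labels(unicode_domain: str) -> list[str]:
    """Labels that combine letters of more than one script, the homograph hallmark."""
    flagged = []
    for label in unicode_domain.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            flagged.append(label)
    return flagged

def strip_invisible(subject: str) -> tuple[str, list[str]]:
    """Remove invisible characters from a subject and report which were present."""
    found = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in subject if c in INVISIBLE]
    cleaned = "".join(c for c in subject if c not in INVISIBLE)
    return cleaned, found

def check_message(sender_domain: str, subject: str) -> list[str]:
    """Findings a mail filter could log, stamp into a header or quarantine on."""
    findings = []
    shown = decode_idna(sender_domain)
    for label in mixed_script_labels(shown):
        findings.append(f"mixed-script label {label!r} in sender domain (renders as {shown})")
    cleaned, hidden = strip_invisible(subject)
    if hidden:
        findings.append(f"{len(hidden)} invisible chars in subject; reads as {cleaned!r}")
    return findings

if __name__ == "__main__":
    # Constructed sample: the article's homograph domain plus a subject padded with invisible characters.
    print(check_message("xn--pple-43d.com", "Your Net\u200bflix acc\u00adount is susp\u200cended"))
```

A label written entirely in one lookalike script (every letter Cyrillic, say) passes the mixed-script test, so a production filter would also compare labels against a confusables table such as Unicode TR39.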
This level of craftiness far surpasses the typical level of attention paid by a user who isn’t concerned about cyberattacks. Users need to be educated with Security Awareness Training to be in a constant state of vigilance whenever an unexpected email comes in. Assume it’s malicious until proven otherwise.