Threat actors target a range of services often either due to credential resale value or to target higher value accounts in credential stuffing campaigns. Last month, WMC Global tracked three unique Netflix-branded phishing campaigns that resulted in over 390,000 unique URLs (Figure 1). These campaigns were solely distributed via text messages (SMS) to US mobile numbers. WMC Global’s analysis in the campaigns provides unparalleled visibility into Netflix-branded phishing attacks.

Throughout the early months of the COVID-19 pandemic, when companies and consumers were forced to adapt to remote working arrangements and adopt digital interactions with family and friends to stay connected, PhishFeed witnessed a stark rise in phishing attacks, particularly in attacks configured to show only on mobile devices. Since January 2020, PhishFeed has collected tens of thousands of phishing URLs and kits, many of which were branded with COVID-themed domains, URLs, or attack content by the responsible threat actors, as seen in Figure 1.