The last two weeks have seen an increase in spearphishing targeting corporate users on their personal accounts, along with a rise in Netflix phishing activity. Here are some examples and highlights.
On November 25th, a staff member at a school district clicked on a spearphish targeting their Microsoft credentials. While the hacker was targeting their professional email password, the end user confirmed that they clicked the phishing link in their personal email.
On November 19, 2025, an employee at a Minnesota organization clicked on the phishing page below.
Hackers know that corporate email is better defended than personal email. Targeting users via their personal email therefore often presents a path of less resistance.
On Thanksgiving Day, a staff member at an organization opened the spearphish below. It was sent from a valid email address belonging to a known business associate at a local Home Builders Association.
The previous day, an executive at the Home Builders Association had their own corporate email compromised. Leveraging the trusted communications with their contact, the hacker sent an email to the targeted user via the compromised account.
The email contained a "View Document" call to action, referencing a proposal that was likely anticipated by the recipient. The full email included the sender’s signature and a headshot photo.
During the same period, we saw a large surge in clicks on Netflix phishing attacks in districts across Georgia, Texas, and Washington.