Between August 21 and 27, researchers at INKY detected Netflix being impersonated in a PII data harvesting campaign utilizing malicious HTML attachments compressed in zip files.

From the website operator’s perspective, the only damage that potentially occurs is harm to the site’s reputation. The victims, however, may lose credentials, data, and possibly money.

INKY recently detected a new variant of the tried-and-true phone scam. This time, the perps abused QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house finance and accounting teams.

Between background statements by the NHS and Inky's investigations, researchers were able to determine that the breach was not a compromised mail server but rather individually hijacked accounts.

Toward the end of February, INKY detected a credential harvesting operation that abused Calendly, a freemium calendaring hub, by inserting malicious links on calendly.com event invitations.

Between August 15 and December 13, INKY detected 410 phishing emails that impersonated pharmaceutical and biotechnology giant Pfizer’s brand in a run of request-for-quotation (RFQ) scams.