---
title: "Cybersecurity News, Netflix Phishing Surge, Healthcare BEC Arrests, Canadian Schools Hit by Cyber-Attack | DMARC Report"
description: "Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense."
image: "https://dmarcreport.com/og/blog/news-phishing-surge-bec-arrests-cyberattcak.png"
canonical: "https://dmarcreport.com/blog/news-phishing-surge-bec-arrests-cyberattcak/"
---

Quick Answer

Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fnews-phishing-surge-bec-arrests-cyberattcak%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20News%2C%20Netflix%20Phishing%20Surge%2C%20Healthcare%20BEC%20Arrests%2C%20Canadian%20Schools%20Hit%20by%20Cyber-Attack&url=undefined%2Fblog%2Fnews-phishing-surge-bec-arrests-cyberattcak%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fnews-phishing-surge-bec-arrests-cyberattcak%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fnews-phishing-surge-bec-arrests-cyberattcak%2F&title=Cybersecurity%20News%2C%20Netflix%20Phishing%20Surge%2C%20Healthcare%20BEC%20Arrests%2C%20Canadian%20Schools%20Hit%20by%20Cyber-Attack "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20News%2C%20Netflix%20Phishing%20Surge%2C%20Healthcare%20BEC%20Arrests%2C%20Canadian%20Schools%20Hit%20by%20Cyber-Attack&body=Check out this article: undefined%2Fblog%2Fnews-phishing-surge-bec-arrests-cyberattcak%2F "Share via Email") 

![Cybersecurity News, Netflix Phishing Surge, Healthcare BEC Arrests, Canadian Schools Hit by Cyber-Attack](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

\*\*Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense. Per the [FBI’s 2022 IC3 Report](https://www.ic3.gov/Media/PDF/AnnualReport/2022%5FIC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year. DMARC with `p=reject` prevents attackers from spoofing your domain in phishing campaigns.

## Netflix Phishing Emails are Up By 78%

> From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

Security researchers warned that \*\*corporate accounts might be at risk after they noticed a 78% rise in [email impersonation attacks](https://threatcop.com/blog/email-impersonation-attack/) posing as the \*\*Netflix brand since October. If employees used the same credentials for Netflix as their work accounts, such campaigns could imperil corporate data and systems, warned researchers.

The group behind the [phishing](https://www.ibm.com/topics/phishing) campaign used Unicode characters to bypass NLP (natural language processing) scanning in traditional anti-phishing filters.

> 

“Unicode helps convert international languages within browsers, but cybercriminals can use it for [visual spoofing](https://www.malwarebytes.com/glossary/visual-spoofing) where they exploit international language characters and make a fake URL look legitimate,” researchers wrote.

For example, hackers can register a phishing domain ‘xn-pple-43d.com,’ which the browser will translate to ‘аpple.com.’ It is known as a **homograph attack**. Emails also use Unicode in sender display names like “help desk” and “Netflix.” But the cybercriminals didn’t stop there.

![Phishing](https://media.mailhop.org/dmarcreport/images/2023/01/Phishing.jpg) 

“They used other [obfuscation](https://www.lifars.com/2020/11/what-is-obfuscation-in-security/) techniques like \*\*breaking up the text into non-identifiable characters, using different language characters and \*\*white on white text to break the [NLP](https://www.techtarget.com/searchenterpriseai/definition/natural-language-processing-NLP)’s perception,” the researchers and security vendor Egress said. “For example, a machine will read two simultaneous V characters as two Vs. But to a skim-reading person, VV looks like W.”

The campaign targeted users primarily in the US and UK.

> 

“The issue concerns organization because if an employee’s credentials are compromised, and they use the same passwords for work accounts, the complete organization can get jeopardized,” Egress concluded.

The vendor further highlighted the requirement for advanced [anti-phishing](https://www.techopedia.com/definition/23907/anti-phishing-service) tools.

“These are sophisticated attacks, and you can’t merely rely on training and the human eye,” it added.

![Dmarc check](https://media.mailhop.org/dmarcreport/images/2023/01/dmarc-check-7627.jpg) 

## Ten Individuals Charged in $11m Healthcare BEC Plots

Ten individuals were charged with money laundering and [business email compromise (BEC](https://www.bleepingcomputer.com/news/security/fbi-says-business-email-compromise-is-a-43-billion-scam/)[)](https://www.bleepingcomputer.com/news/security/fbi-says-business-email-compromise-is-a-43-billion-scam/) offenses. They defrauded Medicare, Medicaid, and private health insurance programs for over $11m. The charges relate to seven Georgia and South Carolina individuals who used stolen credentials to open \*\*bank accounts for shell companies.

According to the **DoJ (Department of Justice)**, the fraudsters ran schemes to trick employees working in the private and public health insurance programs into sending funds to these accounts, thinking they were hospitals.

_The attackers conned two Medicare administrative contractors, five state Medicaid programs, and two private health insurers in this way._ They used some funds to buy automobiles and luxury goods, and the three remaining defendants laundered the remaining through bank accounts registered with fake or **stolen identities**.

![Healthcare BEC](https://media.mailhop.org/dmarcreport/images/2023/01/Healthcare-BEC.jpg) 

One of the ten convicts, Adewale Adesanya, 39, of Georgia, pleaded guilty in June to using a false passport and conspiracy to commit [money laundering](https://www.moneylaunderingnews.com/2023/01/money-laundering-watch-2022-year-in-review/). Adesanya received a four-year prison term for laundering over $1.5m from BEC schemes targeting the Small Business Administration (SBA), Medicaid programs, the IRS, and a private company.

Nine individuals await trial and, if found guilty, can face a maximum sentence between 20-30 years . “The allegations depict a \*\*brazen effort for siphoning funds, in part, from essential healthcare programs for personal gain,” said Christian Schrank, deputy inspector general for investigations, US Department of Health and Human Services Office of Inspector General (HHS-OIG).

## A Cyber-Attack Leaves Canadian Schools Without Access To Emails Or Emergency Contact Information

The Durham District School Board (DDSB) said it was recovering from a ‘cyber-incident’ that left schools without access to email or phone services and **emergency contact information**.

The school board sent a letter to parents and guardians that they immediately took steps to secure their network as soon as they learned about the incident. The letter further said that in-person schools will remain open, but “all DDSB \*\*phone and email services are out of service, and schools may not be able to access emergency contact information.”

The school board asked parents and guardians to share \*\*temporary \*\*emergency contacts with their children and send them to school.

The letter says that schools will take \*\*manual attendance and not contact parents and guardians if their child is absent.

The letter also mentions that it canceled all ‘DDSB@Home’ classes and literacy tests while warning that the student [Chromebooks](https://edu.gcfglobal.org/en/chromebookbasics/what-is-a-chromebook/1/) will not work. The DDSB said schools “are taking measures to ensure **safe operation**,” adding that community and childcare services use of the schools will continue.

There is no further information regarding the apparent cyber-attack’s nature or when the service access will get restored.![What is dmarc](https://media.mailhop.org/dmarcreport/images/2023/01/what-is-dmarc-7628.jpg)

## Hackers Access Radio Free Asia Email Server, Leak Personal Data of Nearly 4,000 People

A US government-sponsored news outlet Radio Free Asia announced a \*\*breach that targeted almost 4,000 people. It leaked troves of personal information, including passport, [Social Security numbers](https://www.investopedia.com/terms/s/ssn.asp), and financial data.

RFA filed documents with Maine’s attorney general, saying the hack occurred on June 17, and RFA discovered it on June 28\. The hack affected at least 3,779, which included the theft of driver’s license numbers, addresses, medical information, health insurance information, and “limited financial information.” “The incident came to light on June 28, 2022, indicating \*\*unauthorized access to our email system. Immediately following the detection and responding quickly, we took RFA systems offline and took \*\*swift measures to contain and address the incident. It included engaging \*\*data security and privacy professionals, launching an investigation, changing passwords, working with law enforcement, and migrating to a [cloud-based email](https://www.zdnet.com/article/cloud-based-email-services-everything-you-need-to-know/) environment,” RFA said in a letter to victims.

“According to the investigation, the unauthorized access was from a service provider’s [vulnerability](https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html) exploit, unknown to RFA at the time of compromise.”

Victims were offered Equifax two years of **credit monitoring**. Although RFA did not respond to queries, spokesperson Rohit Mahajan said hackers never contacted them. He added that RFA notified the US Congress, the United States Agency for Global Media, and the [Email security](https://dmarcreport.com/dmarc-record/) and Infrastructure Security Agency.

RFA covers news on several Asian countries like China, Myanmar, Laos, North Korea, Cambodia, Vietnam, and more. It is among the handful of \*\*news outlets attacked this year, including The Wall Street Journal, Fast Company, New York Post, and Nikkei.

## \*\*Final Words While a \*\*multi-layer approach to cybersecurity may prove to be most effective, it is not enough to simply rely on one spam filtering tool or an [antivirus](https://www.bleepingcomputer.com/news/security/antivirus-and-edr-solutions-tricked-into-acting-as-data-wipers/) solution, as evident from the incidents above.

![Email security](https://media.mailhop.org/dmarcreport/images/2023/01/email-security.jpg) 

For better security, individuals and organizations must leverage multiple \*\*email filtering layers. As a website owner, you must ensure that your customers or visitors only see the emails that you send. Hence, implementing \*\*authentication measures such as [DMARC](https://dmarcreport.com/) is a necessity for all domain owners in today’s times.

## Topics

[ dmarc record ](/tags/dmarc-record/)[ email security ](/tags/email-security/)[ News ](/tags/news/) 

![Vasile Diaconu](https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg) 

[ Vasile Diaconu ](/authors/vasile-diaconu/) 

Operations Lead

Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.

[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 11m  DMARC Forensic Report: Essential Insights for Email Security  Apr 24, 2025 ](/blog/dmarc-forensic-report-essential-insights-for-email-security/)[  Foundational 5m  DMARC in a Multi-Domain Environment: Best Practices for Complex Setups  Aug 4, 2023 ](/blog/dmarc-in-a-multi-domain-environment-best-practices-for-complex-setups/)[  Foundational 3m  Hackers Are Exploiting the Google Groups’ Practice of Rewriting “From:” Addresses; Should You Rethink Before Continuing on Google Groups Now?  Nov 20, 2023 ](/blog/hackers-exploiting-google-groups-address/)[  Foundational 5m  How to Check if Your Email Authentication Is Set Up Correctly for DKIM, DMARC, SPF & BIMI  Jan 19, 2023 ](/blog/how-to-check-if-your-email-authentication-is-set-up-correctly-for-dkim-dmarc-spf-bimi/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity News, Netflix Phishing Surge, Healthcare BEC Arrests, Canadian Schools Hit by Cyber-Attack","description":"Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense.","url":"https://dmarcreport.com/blog/news-phishing-surge-bec-arrests-cyberattcak/","datePublished":"2023-01-10T10:50:53.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2023-01-10T10:50:53.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/news-phishing-surge-bec-arrests-cyberattcak/"},"articleSection":"foundational","keywords":"dmarc record, email security, News","wordCount":1172,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Cybersecurity News, Netflix Phishing Surge, Healthcare BEC Arrests, Canadian Schools Hit by Cyber-Attack","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Cybersecurity News, Netflix Phishing Surge, Healthcare BEC Arrests, Canadian Schools Hit by Cyber-Attack","item":"https://dmarcreport.com/blog/news-phishing-surge-bec-arrests-cyberattcak/"}]}
```