Threat Alert: TOAD Attacks Use Hulu+ Bundles 

• Cybercriminals have launched phishing attacks abusing Hulu+ branding. 
• The phishing lures notify recipients of a supposed scheduled subscription renewal charge to their Hulu+ account. 
• The messages include an attached PDF with a fraudulent invoice and instructs recipients to contact a supposed customer support service to cancel the subscription. 
• Callers to the support line are ultimately instructed in downloading remote monitoring and management software onto their computer. 

Key Actions (At Work and at Home)

• Never trust a phone number included in an email, especially if the message was not expected. Cybercriminals frequently establish phone numbers and call centers for malicious purposes. Use only trusted, verified numbers when calling to confirm claims made in emails and other messages.   
• Beware of unexpected emails that pose as support notifications or account alerts. Many people are fooled by fraudulent customer service emails and are tricked into installing dangerous software. It’s critical to confirm account alerts at the source, outside of email. 
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.