- A new Netflix phishing scam is creating visits that attempt to steal your login and credit card information by updating your account.
- The scam surprisingly directs the Netflix clone site for users to enter their details.
- Always be sure to triple check the sender before clicking the link for any email you receive.
The Internet is a dangerous place. By now, many of us are smart enough to avoid the most obvious scams and online ones, but like a mutant virus, it forces bad actors to adapt. As a result, scams become even more difficult to detect, which is why it is very important to be diligent when visiting websites or opening suspicious looking emails. At that point, the cloud office security platform ArmorBlox published a blog post this week in a new Netflix phishing attack that attempts to steal your login credentials, billing addresses and credit card details.
ArmorBlox first noticed the phishing attack a few weeks ago when Netflix customers started receiving emails in their inboxes that claimed to be from Netflix support. The email informed customers that there was a problem verifying their personal details and resulted in billing issues. They were also told that if they did not update their personal information to solve the problem then their accounts would be canceled in 24 hours.
“When Target clicked on the link, they were led to a fully developed Netflix lookalike website with a phishing flow that asked them to participate with their Netflix login credentials, billing addresses and credit card details , ”Explained Kavach co-founder Chetan Anand. blog post. “After the phishing flow was completed, the target was redirected to the actual Netflix home page, which no one was sensible about being modified.”
Email phishing attacks amount to more than a dozen, but as ArmorBlox points out, it was a notable one as it was able to be obtained through email security controls. The first trick that hackers used was redirecting to a “fully functioning captcha page with subtle Netflix branding” if they clicked the link in the email. This made the whole process more legitimate, and might be enough to convince some Netflix subscribers.
In addition, both the CAPTCHA page and the Netflix clone site were hosted on legitimate domains, one of which is from the Wyoming Health Fair and the other hosted on the site of an oil and gas company in Texas. “By hosting phishing pages on legitimate parent domains, attackers are able to break out of security controls based on URL / link security and get past filters that block known domains,” says Anand.
Finally, the Netflix clone site itself, which you can see below, actually looks like a real Netflix login page. Even this is something superfluous, such as “Need help?” Link and the option to login with Facebook (although these additional links reload the same page – they are not really functional if you click on them 🙂
It never hurts to know whether or not you may have fallen for this scam. After all, if you managed to get that email through your inbox, there is a chance you could pass on your personal information and credit card number. That said, the smarter that this attack can be relative to the spam you ignore every day, the easier it is to find the address bar in your browser.