Phishing campaign impersonating Netflix to steal customer data
30 January 2019
Australian users of Netflix are being targeted with a new phishing campaign that involves the use of carefully-designed emails and a website to lure them into filling in their Netflix account login details and their payment card information, security researchers have revealed.
A couple of years ago, security researchers at FireEye discovered a malicious phishing campaign that involved emails sent to Netflix subscribers to update their Netflix membership details. Once victims clicked on links in such emails, they were redirected to a website that asked for their Netflix login credentials as well as their personal details and credit card information.
Once victims had completed such forms, the fraudulent website redirected them to the legitimate Netflix homepage in an effort to make the scam harder to detect. The researchers warned Internet users to be constantly on the lookout for phishing campaigns which attempted to trick them into handing over login details and other sensitive information.
Scammers’ targeting Australians’ credit cards & Netflix logins
Earlier today, news arrived that a similar phishing campaign is being orchestrated by scammers who are targeting Internet users in Australia using email addresses masquerading as the legitimate email address of Netflix’ support team.
Hundreds of emails sent from the fake email address feature styling and logos that mimic standard emails sent from legitimate Netflix accounts. Via such emails, scammers are informing recipients that their membership has been temporarily suspended and that they need to update their account details to resume their membership.
In order to update their account details, recipients of such phishing emails are being provided with a link to a website that looks very much like the login page for Netflix. Once they visit the site, they are asked to fill in their email addresses associated with their Netflix accounts, passwords, and their full credit card numbers.
Netflix subscribers are popular targets of phishing campaigns
“Netflix customers seem to be incredibly popular targets for threat actors engaged in phishing campaigns, for good reason; Netflix is a globally renowned business, with an easily identifiable name and logo which a significant amount of consumers will have a relationship with, making them more likely to engage with emails pertaining to be from the brand,” says Corin Imai, senior security advisor at DomainTools.
“Netflix phishing scams in the past have been notoriously sophisticated, such as the 2017 campaign which leveraged Netflix content as backing images to the fraudulent emails and web pages, lulling the victim into a false sense of security. Australian Netflix users should treat any email communication from Netflix suspiciously in order to keep their PII safe, particularly one regarding account suspension,” he adds.
“This is just the latest of a series of phishing campaigns that posed as Netflix, which because of its popularity allows criminals to cast a wide net of potential victims. This kind of attacks exploit customer’s trust in brands they can recognise, and are becoming increasingly sophisticated, adding backsplashes and logos to the fake emails to trick victims into clicking on the malicious links,” says Dean Ferrando, System Engineer Manager (EMEA) at Tripwire.
“The best way to avoid falling victim of these scams is to always be on the look for suspicious details that may reveal the email as fictitious, which can be spelling mistakes, poor grammar or a link that directs to a suspicious URL. Reputable brands also often have a support page that helps customers identify and report fake email campaigns and would never ask for personal information or payment details without a reasonable cause,” he adds.