- A new Netflix phishing scam is doing the rounds that tries to steal your login and credit card information by tricking you into “updating” your account.
- The scam sends users to surprisingly convincing Netflix clone sites so that they enter their data there.
- Always check the sender before clicking a link in your email inbox.
The Internet is a dangerous place. Nowadays, many of us are savvy enough to avoid the most common online scams and tricks, but, like a mutating virus, that forces bad actors to adapt. As a result, scams are getting harder to detect, so it’s important to be careful when visiting websites or opening emails that look suspicious. This week, the Armorblox security blog published a post detailing a new Netflix phishing attack that aims to steal your login information, billing address, and credit card details.
Armorblox first spotted the phishing attack a few weeks ago, when Netflix customers began receiving emails in their inboxes claiming to come from Netflix support. The email told customers that there was a problem verifying their personal information and that this had caused billing issues. They were also told that their accounts would be terminated within 24 hours if they did not update their personal information to resolve the issue.
“When the targets clicked on the link, they were led to a full-fledged Netflix lookalike website with a similar phishing flow, which asked them to share their Netflix login, billing address, and credit card information,” explained Chetan Anand, co-founder of Armorblox, in the blog post. “Once the phishing flow was complete, the targets were redirected to the real Netflix homepage, none the wiser that they had been compromised.”
There are dozens of phishing email attacks, but as Armorblox explains, this one stood out because it got past email security checks. The first trick the attackers used was to send users to a “full-featured CAPTCHA site with a fine Netflix tag” when they clicked the link in the email. That made the whole procedure look more legitimate, and it could be enough to convince some Netflix customers.
In addition, both the CAPTCHA site and the Netflix clone site were hosted on legitimate domains: one belongs to Wyoming Health Fairs and the other is on the website of a Texas oil and gas company. “By hosting phishing pages on legitimate parent domains, attackers are able to evade security checks based on URL/link protection and get through filters that block known bad domains,” says Anand.
Finally, the Netflix clone page itself, which you can see below, looks very much like the real Netflix login page. It even has a few extra touches, such as a “Need help?” link and the option to sign in with Facebook (although these additional links simply reload the same page; they don’t actually work when clicked):
Whether or not you would fall for this scam, it never hurts to know what’s out there. If this email did land in your inbox, there’s a chance you could hand over your personal information and credit card number. This attack may be cleverer than the spam you ignore every day, but it would still be as easy to detect as glancing at the address bar in your browser.
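As an added illustration of the two checks this article recommends (look at the sender, look at where the link really goes), here is a small Python script; it is not part of the original article and not Armorblox’s detection logic. It flags an email whose display name or subject claims to be Netflix while the sender address and the embedded links resolve to other domains, which is exactly the pattern of a phish hosted on an unrelated but legitimate website. The brand domain list and both sample emails are constructed for the example.

```python
"""Flag a brand-impersonation email: claims a brand in the From name or
subject, but the sender domain and link targets are not that brand's.
Added example, not the article's or Armorblox's code; samples are constructed."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_KEYWORDS = ("netflix",)
# Domains the brand legitimately sends from / links to (assumption for the example).
BRAND_DOMAINS = {"netflix.com"}


class _LinkCollector(HTMLParser):
    """Collect every <a href="..."> target in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def registrable_domain(host: str) -> str:
    """Naive registered domain = last two labels. Fine for .com-style names;
    a public-suffix list would be needed for names like example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def extract_links(msg) -> list:
    """Return all anchor targets from the text/html parts of a parsed message."""
    collector = _LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            collector.feed(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return collector.hrefs


def analyse(raw_email: str) -> dict:
    """Compare the brand the mail claims against where the sender and links really point."""
    msg = message_from_string(raw_email)
    display_name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    claims_brand = any(k in (display_name + " " + subject).lower() for k in BRAND_KEYWORDS)
    sender_domain = registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    link_domains = set()
    for url in extract_links(msg):
        host = urlparse(url).hostname
        if host:
            link_domains.add(registrable_domain(host))
    findings = []
    if claims_brand and sender_domain not in BRAND_DOMAINS:
        findings.append(f"sender domain {sender_domain!r} is not a brand domain")
    off_brand = sorted(d for d in link_domains if d not in BRAND_DOMAINS)
    if claims_brand and off_brand:
        findings.append(f"links point to non-brand domains: {off_brand}")
    return {
        "claims_brand": claims_brand,
        "sender_domain": sender_domain,
        "link_domains": sorted(link_domains),
        "findings": findings,
    }


# Constructed sample: looks like the scam described above (domains are placeholders).
PHISH_EMAIL = """\
From: "Netflix Support" <support@billing-notice.example>
To: customer@example.org
Subject: Action required: update your Netflix payment details
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We could not verify your billing information. Your account will be closed in 24 hours.</p>
<p><a href="https://healthfairs.example/verify/netflix">Update my account</a></p>
</body></html>
"""

# Constructed sample of a message that passes both checks.
LEGIT_EMAIL = """\
From: "Netflix" <info@account.netflix.com>
To: customer@example.org
Subject: Your Netflix receipt
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Thanks. <a href="https://www.netflix.com/YourAccount">View account</a></p></body></html>
"""

if __name__ == "__main__":
    for label, mail in (("phish", PHISH_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, analyse(mail)["findings"])
```

The script deliberately stops at a verdict of “claims brand X but nothing resolves to brand X”; that is the same judgement a reader makes by looking at the sender and the address bar, only done before the link is clicked. A production filter would add a real public-suffix list and authentication results (SPF, DKIM, DMARC) from the headers.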