Netflix Credentials Targeted by Phishing Campaign BE AWARE

By Ionut Ilascu    9 Jan 2015, 00:07 GMT

A new malicious email campaign has been observed by security researchers to target customers of Netflix by feeding them a message purporting to be an important notification from the media streaming service.
The new phishing attempts may come on the background of recent complaints from some users that some VPN setups they used to access Netflix content from outside the approved geographical locations were no longer working.
Recipients are baited with payment information update requirement
The lure to the fraudulent page that harvests the log-in credentials for the service is as common as always, the recipient being informed that validation of the payment details has failed and the data needs to be re-entered; this can be done from a conveniently placed link in the message.

The URL leads to a page that mimics a legitimate one from Netflix, asking for card information that could be used for online shopping. Basically, the potential victim is asked for the full name, number and expiration date of the card, as well as the CVV (card verification value), according to a report from AVG.

The email sample caught by the antivirus vendor includes original graphics from Netflix in order to make it look legitimate, and may fool many subscribers to the service.

As soon as the “Update Payment Method” button is hit, all the information entered in the text fields reaches the cybercriminals, who can start shopping online with the harvested card data.
Signs of the deceit
Converting the goods into cash is easy, as most of the times, the items are sold at a fraction of the price. Moreover, crooks involved in this sort of scams rely on a well-organized operation that can generate the money quickly.

It must be noted that the addressing formula is what should raise suspicions. Upon creating an account, a customer has to provide a name, which is used in official communications from the company; it is not the case with this email, which starts with “Dear subscriber.”

On the same note, the cybercriminals create a sense of urgency for accessing the scammy web page by claiming that the account would be disabled unless the payment validation details are updated in a period of three days.

Users are advised to check the legitimacy of the emails straight on the official page of the service and to avoid clicking on the provided link. All phishing messages can be forwarded to for investigation.


Tags: , , , , , , ,

Comments are closed.

%d bloggers like this: