A new Netflix phishing scam has come to light that attempts to steal your personal and credit card information. Moreover, the phishing email is able to bypass the mail security measures in place to block such scams in the first place. This new Netflix credential phishing attack was first discovered by researchers at Armorblox, a cloud office security platform.
In a blog post, the researchers report that they identified a targeted phishing attack that disguised itself as Netflix Support. The emails sent to Netflix customers are designed to look like a billing failure message and redirect to a fake Netflix website. This credential phishing attack relies heavily on social engineering, in which the victim is made to believe they are at fault. In this case, the phishing email required users to update their information on Netflix within 24 hours, failing which their subscription would be cancelled.
An attacker sends a phishing email that has been designed to elicit an immediate response from the user. The aim of this email is to take the user to the Netflix lookalike website, where the user willingly submits their login credentials, billing address and credit card details. Once these details are successfully recorded, the victim gets a notification prompt saying “Success” and is redirected to the real Netflix login page.
The email has been disguised as a “Notice of verification failure”, which lends it enough authenticity that the user gives the mail their immediate attention. This is also the reason it remains undetected by email security such as Office 365 Exchange Online Protection: it doesn’t look like a fake email.
Once the user clicks on the link, it redirects to a captcha page that’s made to look like Netflix, using the brand’s black and red colours. The report also notes that all the pages of this website are hosted on legitimate domains, and hence the security measures in place are unable to detect it in time. The user is then prompted to Sign In, which collects their login data, followed by prompts to fill in a billing address and payment details. These three steps ensure that the attackers get the victim’s Netflix login credentials, address and credit card details, leaving the user susceptible to further financial harm.
This Netflix scam banks on the user's inability to look past the superficial construct of the landing website, which is hosted on a different URL than Netflix. To protect yourself against such scams, click on a link in an email only after verifying where it actually points, and keep a close eye on URLs that arrive from unknown senders.
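The advice above, checking where a link actually points rather than what it says, can be automated on the defender side. The following is an added example, not code from the article or from Armorblox: it pulls every link out of an HTML email body and flags three things the campaign described here relies on: a link whose visible text shows a netflix.com address while its real href goes elsewhere, a link that mentions the brand but lives on a non-brand domain, and plain external links. The sample email fragment, the brand keyword list and the simplified registrable-domain logic are constructed assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample resembling the "billing failure" lure described in the article.
# The hostnames are made up; nothing here is a real indicator from the report.
SAMPLE_EMAIL_HTML = """
<p>Notice of verification failure. Update your billing details within 24 hours.</p>
<a href="https://verify-account.example-hosting.net/login">https://www.netflix.com/YourAccount</a>
<a href="https://help.netflix.com/">Help Center</a>
<a href="https://netflix-billing-update.example.org/">Update payment method</a>
"""

# Domains the brand legitimately sends mail from (assumption for this example).
BRAND_DOMAINS = {"netflix.com"}
BRAND_KEYWORDS = ("netflix",)


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def registrable_domain(host):
    # Simplified: keep the last two labels. A production check should use the
    # Public Suffix List so that e.g. "example.co.uk" is handled correctly.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(text):
    """Return the hostname if the text is an absolute URL, else None."""
    if "://" not in text:
        return None
    return urlparse(text.strip()).hostname


def classify_link(href, text):
    """Classify a link as brand / mismatch / lookalike / external."""
    href_host = host_of(href) or ""
    href_domain = registrable_domain(href_host) if href_host else ""

    # 1. The real destination is on a brand-owned domain: fine.
    if href_domain in BRAND_DOMAINS:
        return "brand"

    # 2. Visible text shows one URL, the href goes somewhere else: classic lure.
    text_host = host_of(text)
    if text_host and registrable_domain(text_host) != href_domain:
        return "mismatch"

    # 3. Brand name appears in the text or hostname, but the domain is not the brand's.
    if any(k in (text + " " + href).lower() for k in BRAND_KEYWORDS):
        return "lookalike"

    return "external"


def audit_email(html):
    """Return (href, visible text, verdict) for each link in an HTML email body."""
    return [(href, text, classify_link(href, text)) for href, text in extract_links(html)]


if __name__ == "__main__":
    for href, text, verdict in audit_email(SAMPLE_EMAIL_HTML):
        print(f"{verdict:10} text={text!r} href={href}")
```

The text-versus-href mismatch check matters more than domain reputation here: the article notes the landing pages sat on legitimate hosting domains, so a reputation lookup alone would pass them, whereas a link that displays a netflix.com address but resolves elsewhere is suspicious regardless of where it is hosted.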