This clever Netflix scam tries to steal your credit card information – BGR


  • A new Netflix phishing scam has been making the rounds that attempts to steal your login and credit card information by tricking you into "updating" your account.
  • The scam directs users to a surprisingly compelling Netflix clone site to enter their details.
  • Always be sure to triple-check the sender before clicking a link within any email you receive.

The Internet is a dangerous place. Many of us are now smart enough to avoid the most obvious scams and tricks online, but, much like a mutating virus, that only forces bad actors to adapt. As a result, scams become harder to detect, which is why staying diligent when visiting websites or opening suspicious-looking emails is so important. Case in point: the cloud office security platform Armorblox published a blog post this week detailing a new Netflix phishing attack that seeks to steal your login credentials, billing address, and credit card details.

Armorblox first saw the phishing attack a few weeks ago when Netflix customers started receiving emails in their inboxes claiming to be from Netflix Support. The email informed customers that there was a problem verifying their personal data and that it was causing billing issues. They were also told that their accounts would be terminated within 24 hours if they did not update their personal information to resolve the issue.

“When the targets clicked on the link, they were taken to a completely Netflix-like website with a phishing flow asking them to part with their Netflix login credentials, billing address, and credit card details,” explained Armorblox co-founder Chetan Anand in the blog post. “Once the phishing flow was complete, the targets were redirected to Netflix’s actual home page, none the wiser that they had been compromised.”

Email phishing attacks are a dime a dozen, but as Armorblox explains, this one was notable because it slipped past email security controls. The first trick the attackers used was to send anyone who clicked the link in the email to “a fully functional CAPTCHA page with subtle Netflix branding” before the fake login page. This made the whole procedure seem more legitimate, and might have been enough to convince some Netflix customers.

Additionally, both the CAPTCHA page and the Netflix clone site were hosted on legitimate domains: one belonging to Wyoming Health Fairs, the other on the site of a Texas oil and gas company. “By hosting phishing pages on legitimate main domains, attackers can circumvent security controls based on URL/link protection and get past filters that block known bad domains,” says Anand.

Finally, the Netflix clone site itself, which you can see below, really does look like Netflix’s actual login page. It even has some small flourishes, like a “Need help?” link and the option to log in with Facebook (although these extra links simply reload the same page; they do nothing if you click them):

Even if this particular scam never reached you, it never hurts to know what’s out there. After all, had that email landed in your inbox, there is a chance you would have handed over your personal information and credit card number. That said, as clever as this attack was compared with the spam you ignore every day, spotting it would have been as simple as looking at the address bar in your browser: the page was not on netflix.com.
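One way to automate the address-bar check the article ends on: the small Python script below, added here as an illustration and not part of the BGR article or Armorblox’s research, extracts the registrable domain from each link and flags anything that does not belong to the brand the email claims to come from. It also catches the two URL tricks that make a link look like the brand while landing elsewhere (the brand name as a subdomain, and the brand name in the userinfo part before an “@”). The sample links are constructed for the example and are not the real URLs from the campaign; the Netflix domain allowlist and the two-label domain rule are simplifying assumptions.

```python
"""Flag links whose landing domain does not belong to the brand an email claims.

Added example (not from the BGR article or Armorblox's research). The sample
links below are constructed to mirror the tricks described in the article:
a phishing page hosted on an unrelated but legitimate domain, the brand name
placed in a subdomain, the brand name placed in the URL's userinfo part, and
a look-alike spelling. They are not the real URLs from the campaign.
"""
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Assumed allowlist of registrable domains that Netflix actually owns.
# A production check would use a fuller list and the Public Suffix List.
BRAND_DOMAINS = {"netflix.com"}
BRAND_NAME = "netflix"

# Constructed sample links (hostnames are placeholders, not real sites).
SAMPLE_LINKS: List[str] = [
    "https://www.netflix.com/login",
    "https://netflix.com/YourAccount",
    "https://www.example-health-fairs.org/captcha/",      # unrelated legitimate host
    "https://netflix.com.account-verify.example/login",   # brand as a subdomain
    "https://netflix.com@example-oilgas.net/login",       # brand in userinfo
    "http://netf1ix.com/login",                           # look-alike spelling
]


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname, e.g. 'www.netflix.com' -> 'netflix.com'.

    Simplification: without the Public Suffix List, multi-label suffixes such
    as 'co.uk' are not handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> Tuple[str, str]:
    """Return ('ok' | 'suspicious', reason) for a single link."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host:
        return "suspicious", "link has no host"
    # 'https://netflix.com@evil.example/' shows the brand before the '@',
    # but the browser connects to whatever comes after it.
    if parts.username is not None:
        return "suspicious", f"userinfo '{parts.username}@' hides real host '{host}'"
    domain = registrable_domain(host)
    if domain not in BRAND_DOMAINS:
        reason = f"registrable domain '{domain}' is not a known {BRAND_NAME} domain"
        if BRAND_NAME in host:
            reason += " (brand name appears only in a subdomain or look-alike)"
        return "suspicious", reason
    if parts.scheme != "https":
        return "suspicious", f"brand domain reached over {parts.scheme}, not https"
    return "ok", f"lands on {domain}"


def scan_links(links: List[str]) -> Dict[str, Tuple[str, str]]:
    """Classify every link; returns {url: (verdict, reason)}."""
    return {url: classify_link(url) for url in links}


def suspicious_count(links: List[str]) -> int:
    """Number of links in the batch that were flagged."""
    return sum(1 for verdict, _ in scan_links(links).values() if verdict == "suspicious")


if __name__ == "__main__":
    for url, (verdict, reason) in scan_links(SAMPLE_LINKS).items():
        print(f"{verdict:10s} {url}\n           {reason}")
```

The check deliberately ignores page content, branding and even a working CAPTCHA, which is exactly the kind of evidence the article says the attackers used to look convincing; the only question it asks is whether the connection actually terminates on a domain the brand owns.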

Jacob started covering video games and technology in college as a hobby, but it quickly became apparent to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat, and Game Rant.
