Phishing campaign impersonating Netflix to steal customer data

Phishing campaign impersonating Netflix to steal customer data

Phishing campaign masquerading as Netflix to steal customer data

Australian users of Netflix are being targeted with a new phishing campaign that involves the use of carefully-designed emails and a website to lure them into filling in their Netflix account login details and their payment card information, security researchers have revealed.

A couple of years ago, security researchers at FireEye discovered a malicious phishing campaign that involved emails sent to Netflix subscribers to update their Netflix membership details. Once victims clicked on links in such emails, they were redirected to a website that asked for their Netflix login credentials as well as their personal details and credit card information.

Once victims had completed such forms, the fraudulent website redirected them to the legitimate Netflix homepage in an effort to make the scam harder to detect. The researchers warned Internet users to be constantly on the lookout for phishing campaigns which attempted to trick them into handing over login details and other sensitive information.

Scammers’ targeting Australians’ credit cards  & Netflix logins

Earlier today, news arrived that a similar phishing campaign is being orchestrated by scammers who are targeting Internet users in Australia using email addresses masquerading as the legitimate email address of Netflix’ support team.

Hundreds of emails sent from the fake email address feature styling and logos that mimic standard emails sent from legitimate Netflix accounts. Via such emails, scammers are informing recipients that their membership has been temporarily suspended and that they need to update their account details to resume their membership.

In order to update their account details, recipients of such phishing emails are being provided with a link to a website that looks very much like the login page for Netflix. Once they visit the site, they are asked to fill in their email addresses associated with their Netflix accounts, passwords, and their full credit card numbers.

Netflix subscribers are popular targets of phishing campaigns

“Netflix customers seem to be incredibly popular targets for threat actors engaged in phishing campaigns, for good reason; Netflix is a globally renowned business, with an easily identifiable name and logo which a significant amount of consumers will have a relationship with, making them more likely to engage with emails pertaining to be from the brand,” says Corin Imai, senior security advisor at DomainTools.

“Netflix phishing scams in the past have been notoriously sophisticated, such as the 2017 campaign which leveraged Netflix content as backing images to the fraudulent emails and web pages, lulling the victim into a false sense of security. Australian Netflix users should treat any email communication from Netflix suspiciously in order to keep their PII safe, particularly one regarding account suspension,” she adds.

“This is just the latest of a series of phishing campaigns that posed as Netflix, which because of its popularity allows criminals to cast a wide net of potential victims. This kind of attacks exploit customer’s trust in brands they can recognise, and are becoming increasingly sophisticated, adding backsplashes and logos to the fake emails to trick victims into clicking on the malicious links,” says Dean Ferrando, System Engineer Manager (EMEA) at Tripwire.

“The best way to avoid falling victim of these scams is to always be on the look for suspicious details that may reveal the email as fictitious, which can be spelling mistakes, poor grammar or a link that directs to a suspicious URL. Reputable brands also often have a support page that helps customers identify and report fake email campaigns and would never ask for personal information or payment details without a reasonable cause,” he adds.


Grammar school’s email address used in phishing scam targeting parents

Dropbox: most impersonated company for phishing attacks in first half of 2018

Copyright Lyonsdown Limited 2021

Top Articles

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Ransomware attacks and the future role of the CISO - teissTalk

On 18 May, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity experts in a wide-ranging discussion that covered government actions, ransomware attacks and the future of…

Communicating a Data Breach: Best Practices

When customers trust you with their personal data, they are expecting it to be protected. This means your response to a data breach is imperative and can make or break…

Related Articles

[s2Member-Login login_redirect=”” /]