A new Netflix phishing scam has been discovered that tries to trick Netflix subscribers into disclosing their login details and other sensitive data such as Social Security numbers and bank account numbers.
This Netflix phishing scam is similar to others that have been seen over the past few months. A major campaign was discovered in October and another in November. The latest Netflix phishing scam confirms that the threat actors are now beginning large-scale phishing attacks on a monthly basis.
The number of recent Netflix scams and the scale of the campaigns have led the U.S. Federal Trade Commission (FTC) to issue a warning to increase awareness of the threat.
The latest campaign was first noticed by an officer in the Ohio Police Department. As with past campaigns, the hackers use a tried and tested method to get users to click on the link in the email – the threat of account closure due to issues with the user’s billing details.
To stop closure of the user’s Netflix account, a link in the email must be clicked. That will send the user to what appears to be the Netflix site, where login details and banking information must be entered. While the web page looks authentic, it is hosted on a domain controlled by the hackers. Any information entered on that web page will be accessed by the threat actors behind the scam.
The emails appear realistic and contain the correct logos and color schemes and are almost identical to the official emails shared with users by Netflix. Netflix also includes links in its emails, so unwary users may click without first checking the authenticity of the email.
There are indications that the email is not what it seems. The email incorrectly begins “Hi Dear”; British English is used, even though the email is sent to U.S. citizens; the email is sent from a domain that is not used by Netflix; and the domain to which the email sends users is similarly suspect. However, the scam is sure to trick many users who fail to carefully review emails before taking any action.
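The warning signs listed above can be checked mechanically. The following Python sketch is an added example, not part of the original article or any vendor's product; the trusted-domain list, the spelling patterns and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the real sender uses; extend for your own allowlist.
TRUSTED_DOMAINS = {"netflix.com"}
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.I)
GREETING = re.compile(r"\b(?:hi|hello)\s+dear\b", re.I)  # e.g. "Hi Dear"
# A few British spellings; a crude hint only when recipients are in the U.S.
BRITISH = re.compile(r"\b(?:authoris|apologis|recognis)\w*|\bcolour\b|\bcentre\b", re.I)

# Constructed sample message (not a real phishing email); .example is reserved.
SAMPLE = """From: Netflix <support@netflix-billing.example>
To: user@mail.example
Subject: Your account is on hold
Content-Type: text/html; charset="utf-8"

<p>Hi Dear,</p>
<p>We could not authorise your payment. Update your billing details.</p>
<p><a href="https://netflix.com.login-update.example/billing">Update</a></p>
"""

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one (dot-boundary match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(raw):
    """Return the article's warning signs that are present in a raw email."""
    msg = message_from_string(raw, policy=policy.default)
    body = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain}")
    for url in HREF.findall(body):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append(f"link points outside trusted domains: {host}")
    if GREETING.search(body):
        findings.append("impersonal greeting")
    if BRITISH.search(body):
        findings.append("British spelling in mail to U.S. recipients")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

The From header can be forged, so a trusted sender domain on its own does not prove a message is genuine; the link check is the more reliable of the two domain tests.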
Consumers need to use caution with email and should carefully review messages before responding, no matter how urgent the call for action is. It is a good idea to always visit a website directly by entering the domain into the address bar of a web browser, rather than clicking a link in an email.
If the email is found to be a scam, it should be reported to the appropriate authorities in the country in which you live and also to the company the scammers are pretending to be. In the case of Netflix phishing scams, emails should be sent to firstname.lastname@example.org.
While this Netflix phishing scam targets consumers, companies are also at risk. Many similar scams attempt to get users to part with business login credentials and bank account data. Businesses can reduce the risk of data and financial losses to phishing scams by making sure all members of the company, from the CEO down, are given regular security awareness guidance, are taught cybersecurity best practices, and are made aware of the most recent threats.
An advanced spam filtering solution is also strongly advisable to ensure the vast majority of these scam emails are blocked and do not reach inboxes. SpamTitan, for instance, stops more than 99.9% of spam and phishing emails and 100% of known malware.
For additional information on anti-phishing solutions for companies, get in touch with the TitanHQ team today.