Any widely used platform is a lucrative target for cyber criminals, and with more than 167 million subscribers worldwide, the Netflix streaming service certainly falls into that category. While Netflix may not seem an obvious target for phishers, a successful attack could give scammers access to credit card and banking details.
Netflix phishing scams are common, so yet another one is no surprise, but one of the most recent uses a novel tactic to evade security solutions. By placing a CAPTCHA challenge in front of the phishing pages, it makes it harder for automated security solutions to reach those pages and identify their malicious intent.
This Netflix phishing scam starts with an email much like the many Netflix scams that came before it. The emails appear to come from the Netflix customer support team and tell the recipient there has been a problem billing the most recent monthly payment; as a result, the subscription will be suspended within the next day.
The Netflix user is given a link to click and told they need to update the information on file. The emails also include links to unsubscribe and to change communication preferences, although these do not work.
As with most phishing scams there is urgency and a threat: update your details within 24 hours or you will lose access to the service. Clicking the link takes the user to a fully functioning CAPTCHA page, where they must complete the usual CAPTCHA checks to prove they are not a bot. Once the CAPTCHA challenge is passed, the user is taken to a hijacked domain showing the standard Netflix sign-in page.
They must log in, then enter their billing address along with their full name and date of birth, and are then moved to a second page asking for their card number, expiry date, CVV code, and optional fields for their bank sort code, account number, and bank name. If those details are entered, they are told they have successfully verified their information and are redirected to the real Netflix site, most likely unaware that they have just handed highly sensitive information to the phishers.
Many Netflix phishing emails claiming accounts have been put on hold because of payment problems have been captured over the past few months. The emails are realistic and closely resemble the messages Netflix regularly sends to account holders: they carry the Netflix logo, use the correct color scheme, and direct recipients to authentic-looking login pages.
What all of these emails have in common is that their links point to a domain other than netflix.com. If you receive an email that appears to be from Netflix, especially one containing some sort of warning or threat, log in to the site by typing the real domain into the address bar yourself, and always make sure you are on the correct website before entering any sensitive details.
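The two defender-side checks the article points at, the off-brand link domain behind a Netflix-themed message and the CAPTCHA gate that keeps scanners away from the sign-in page, can be written as a small triage routine. The code below is an added example and is not from the article or from any vendor; it assumes netflix.com is the brand's only legitimate domain, uses a two-label approximation of the registrable domain instead of a public-suffix list, and looks only for the common reCAPTCHA and hCaptcha markup. The email and landing page it runs on are constructed, not captured samples.

```python
# Added example (not from the article): email-link and landing-page triage
# for the Netflix-themed phishing pattern described above. Assumptions:
# netflix.com is the only legitimate brand domain, and the CAPTCHA markers
# checked (reCAPTCHA / hCaptcha markup) are the common ones; both are
# assumptions, not facts from the article.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_DOMAINS = {"netflix.com"}        # assumption: the brand's real domain
BRAND_TERMS = ("netflix",)              # words that mark a message as Netflix-themed
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two labels of a host name (simplification: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_brand_domain(host: str) -> bool:
    """True only for netflix.com itself or a subdomain of it.
    A lookalike such as netflix.com.example.test is rejected because its
    registrable domain is example.test, not netflix.com."""
    return registrable_domain(host) in LEGIT_DOMAINS


def flag_email_links(sender: str, subject: str, body: str) -> list:
    """Return (url, host) pairs for links in a Netflix-themed message that
    leave netflix.com; a message that never mentions the brand is not judged."""
    text = f"{sender} {subject} {body}".lower()
    if not any(term in text for term in BRAND_TERMS):
        return []
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,);")            # drop trailing sentence punctuation
        host = urlparse(url).hostname or ""
        if not is_brand_domain(host):
            findings.append((url, host))
    return findings


class _CaptchaSniffer(HTMLParser):
    """Collects markers of a CAPTCHA widget on a fetched page."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        src = a.get("src", "")
        if tag == "script" and ("recaptcha" in src or "hcaptcha" in src):
            self.hits.append("captcha script: " + src)
        cls = a.get("class", "")
        if tag == "div" and any(c in cls for c in ("g-recaptcha", "h-captcha")):
            self.hits.append("captcha widget: " + cls)


def captcha_markers(html: str) -> list:
    """All CAPTCHA markers found in the page source."""
    sniffer = _CaptchaSniffer()
    sniffer.feed(html)
    return sniffer.hits


def triage_link(url: str, fetched_html: str) -> list:
    """Reasons a scanner should not mark this link clean. A CAPTCHA in front
    of a brand login page on an off-brand domain is the pattern the article
    describes: the gate hides the page from automated analysis, so it should
    raise suspicion rather than end the scan."""
    reasons = []
    host = urlparse(url).hostname or ""
    if not is_brand_domain(host):
        reasons.append(f"off-brand domain {host}")
    markers = captcha_markers(fetched_html)
    if markers:
        reasons.append("CAPTCHA gate before content (" + "; ".join(markers) + ")")
    return reasons


# Constructed sample message and landing page (not real phishing artifacts).
SAMPLE_EMAIL = {
    "sender": "Netflix Support <support@netflix-billing.example.test>",
    "subject": "Your subscription will be suspended",
    "body": (
        "We could not process your latest payment. Update your details within 24 hours "
        "at https://netflix.com.account-verify.example.test/update to keep your account.\n"
        "Unsubscribe: https://netflix-prefs.example.test/unsubscribe.\n"
        "Help centre: https://help.netflix.com/"
    ),
}

SAMPLE_PAGE = """<html><head>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head><body>
<form action="/verify" method="post">
  <div class="g-recaptcha" data-sitekey="EXAMPLE-SITE-KEY"></div>
  <button type="submit">Continue</button>
</form></body></html>"""


if __name__ == "__main__":
    for url, host in flag_email_links(**SAMPLE_EMAIL):
        print("suspicious link:", url, "->", host)
    link = "https://netflix.com.account-verify.example.test/update"
    print(triage_link(link, SAMPLE_PAGE))
```

Running the block flags the two lookalike links in the constructed email while accepting the genuine help.netflix.com link, and reports both the off-brand domain and the CAPTCHA gate for the landing page. The point of `triage_link` is the caveat the article raises: a scanner that stops at the CAPTCHA and reports "nothing malicious found" has been evaded, so a CAPTCHA sitting in front of a brand sign-in page on a domain the brand does not own should be treated as a signal in its own right.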