A new Netflix phishing scam has been discovered that tries to trick Netflix subscribers into disclosing their login credentials and other sensitive data such as Social Security numbers and bank account numbers.
This Netflix phishing scam is similar to others that have been discovered over the past few months. A major campaign was identified in October and another in November. The most recent Netflix phishing scam confirms that the threat actors are now launching large-scale phishing attacks on a monthly basis.
The number of current Netflix scams and the scale of the campaigns have prompted the U.S. Federal Trade Commission (FTC) to issue a warning to raise awareness of the threat.
The most recent campaign was detected by an officer in the Ohio Police Department. As with previous campaigns, the hackers use a tried and tested method to get users to click on the link in the email: the threat of account closure due to issues with the user’s billing details.
To prevent closure of the Netflix account, the email says, the user must visit a link in the message. The link takes the user to what appears to be the Netflix site, where login details and banking information are requested. While the web page looks genuine, it is hosted on a domain controlled by the hackers. Any details entered on that web page will be obtained by the people behind the scam.
The emails appear authentic, include the correct logos and color schemes, and are almost identical to the official emails sent to Netflix subscribers. Netflix also includes links in its emails, so unwary users may click without first checking the authenticity of the email.
Image Source: FTC via Ohio Police Department
There are indications that the email is not what it seems. The email begins “Hi Dear”; British English is used, even though the email is sent to U.S. citizens; the email is sent from a domain that is not used by Netflix; and the domain to which the email directs users is similarly suspect. However, the scam is sure to trick many users who fail to carefully check emails before taking any action.
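The warning signs listed above can also be checked mechanically, for example in a mail filter or a triage script. The following Python code is an added example, not taken from the FTC warning or from any product named in this article; the trusted-domain list, the short British-spelling word list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = ("netflix.com",)  # assumption: domains accepted as Netflix-owned
GREETING = re.compile(r"\bhi\s+dear\b", re.I)
# Assumption: a small constructed sample of British spellings, not a full list.
BRITISH = re.compile(r"\b(authoris\w*|centre|favourite|colour)\b", re.I)
HREF = re.compile(r"""href=["'](https?://[^"']+)""", re.I)

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_indicators(raw):
    """Return (indicator, evidence) pairs for the warning signs in the article."""
    msg = message_from_string(raw)
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if not part.is_multipart())
    findings = []
    # parseaddr separates the address from the display name, which the sender sets freely.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(("sender_domain", sender_domain))
    # Judge each link by its href target, never by the visible link text.
    for url in HREF.findall(body):
        host = urlsplit(url).hostname
        if not is_trusted(host):
            findings.append(("link_domain", host))
    greeting = GREETING.search(body)
    if greeting:
        findings.append(("generic_greeting", greeting.group(0)))
    spelling = BRITISH.search(body)
    if spelling:
        findings.append(("british_spelling", spelling.group(0)))
    return findings

# Constructed sample message; every address and domain in it is made up.
SAMPLE = '''From: "Netflix" <billing@netflix-support.example>
Subject: Your account is on hold
Content-Type: text/html

<p>Hi Dear,</p>
<p>We could not authorise your last payment, so your account will be closed.</p>
<p><a href="https://netflix.com.billing-update.example/login">netflix.com/account</a></p>
'''

if __name__ == "__main__":
    for indicator, evidence in phishing_indicators(SAMPLE):
        print(f"{indicator}: {evidence}")
```

An empty result only means none of these four signs were found; it does not establish that a message is genuine.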
Internet users need to exercise caution with email and should carefully check messages before replying, no matter how urgent the call for action is. It is best practice to always visit a website directly by entering the domain into the address bar of a web browser, rather than using the hyperlink in an email.
If the email is discovered to be a scam, it should be reported to the proper authorities in the country in which you reside and also to the company the hackers are impersonating. In the case of Netflix phishing scams, emails should be forwarded to firstname.lastname@example.org.
While this Netflix phishing scam targets consumers, companies are also at risk. Many similar scams attempt to get users to part with business login details and bank account data. Companies can cut the risk of data and financial losses to phishing scams by ensuring all members of the company, from the CEO down, are given ongoing security awareness training, are taught cybersecurity best practices, and are made aware of the latest dangers.
An advanced spam filtering solution is also strongly recommended to ensure that the vast majority of these scam emails are blocked and do not land in inboxes. SpamTitan, for instance, prevents more than 99.9% of spam and phishing emails and 100% of known malware.
For further details on anti-phishing solutions for companies, get in touch with the TitanHQ team today.