Security researchers at AppRiver have identified a Netflix phishing scam currently in circulation that hopes to capitalise on the recent Netflix service fee hike. Paul Tolbert commented below.
Paul Tolbert, Email Security Specialist at AppRiver:
“There’s little doubt that Netflix is a major competitor in the video streaming industry by a wide margin. It should also come as no surprise that cybercriminals view their customers as prime targets for phishing campaigns. With the recently announced Netflix service fee hike, the ever-adaptable spammers have found an opportunity to exploit the video-on-demand company.
“The campaign attempts to impersonate a Netflix account verification email. The email in part alerts the target/victim to a possible issue with his or her account. The target is then instructed to click on the provided link in hopes of correcting the error. The cybercriminals use a common technique that spoofs the actual company’s domain name within an exploited website URL. The average user not paying close attention can easily overlook this visual deception and believe the link is a legit Netflix URL.”
The exploited website is visually a carbon copy of the Netflix web login screen.
Paul continues, “Analyzing the HTML code of the site, we were able to find discrepancies that only confirmed our suspicions. It was unclear during our investigation whether the exploited site attempts only to steal a customer’s Netflix login credentials or whether there is a financial goal in mind, such as credit card numbers.”
This is a screen grab of the campaign:
Paul concludes, “As you can tell from the screen capture above, it can be extremely difficult for the average user to visually identify this as a phishing campaign. One of the best ways for users to prevent becoming a victim of this type of campaign is to avoid clicking any links in the email. Instead, opt to visit the company’s website address directly. If there is indeed an account issue, you should be alerted to the issue on the website. Another helpful tip is to hover over the link provided in the email with your mouse cursor. If the link looks at all suspicious to you, try to get verification from the company that they indeed sent the email.”
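The "spoofs the actual company's domain name within an exploited website URL" technique described earlier, and the "hover over the link" check recommended above, can both be made concrete with a small classifier. The following Python is an added example, not AppRiver's tooling and not code from the campaign; every link in it is a constructed sample. It assumes a hypothetical allow-list of one trusted domain, a naive "last two labels" rule for the registrable domain (real tooling should use the Public Suffix List, since `example.co.uk` would be mis-handled), and a deliberately tiny digit-for-letter homoglyph map.

```python
"""Classify links that merely *contain* a trusted brand's domain while
actually pointing at another host.  Added example with constructed sample
URLs; not AppRiver's code and not taken from the campaign."""
from urllib.parse import urlsplit

# Hypothetical allow-list: the registrable domain(s) the brand really uses.
TRUSTED_DOMAINS = {"netflix.com"}

# Crude homoglyph map for the look-alike check (assumption; far from exhaustive).
LOOKALIKE_MAP = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two DNS labels.  Assumption for this example only;
    production code should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def classify_link(url: str) -> tuple[str, str]:
    """Return (verdict, reason).  Verdicts: trusted, spoofed, lookalike, unrelated.

    The browser navigates to the *host* part only, so a trusted name that sits
    in the userinfo, a subdomain label, or the path/query is decoration."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted", f"host {host} is under {reg}"
    for brand in TRUSTED_DOMAINS:
        name = brand.split(".")[0]          # e.g. "netflix"
        if parts.username and name in parts.username.lower():
            return "spoofed", f"'{name}' sits in the userinfo; browser goes to {reg}"
        if name in host:
            return "spoofed", f"'{name}' is only a subdomain label; browser goes to {reg}"
        if reg.translate(LOOKALIKE_MAP) == brand:
            return "lookalike", f"{reg} is a character substitution of {brand}"
        if name in (parts.path + parts.query).lower():
            return "spoofed", f"'{name}' appears only in path/query; browser goes to {reg}"
    return "unrelated", f"host {host} does not reference a trusted domain"


def anchor_mismatch(display_text: str, href: str) -> bool:
    """True when the visible link text names a trusted domain but the href
    (what a hover reveals) does not actually resolve to it."""
    shown = display_text.strip().lower()
    if not any(domain in shown for domain in TRUSTED_DOMAINS):
        return False
    verdict, _ = classify_link(href)
    return verdict != "trusted"


# Constructed sample links (none are real phishing infrastructure).
SAMPLES = [
    "https://www.netflix.com/login",
    "http://netflix.com.account-verify.example/login",
    "http://netflix.com@evil.example/",
    "http://evil.example/netflix.com/login",
    "http://netf1ix.com/login",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = classify_link(link)
        print(f"{verdict:9s} {link:50s} {reason}")
    print("mismatch:", anchor_mismatch("www.netflix.com",
                                       "http://netflix.com.account-verify.example/"))
```

The point the classifier makes is the one the quote makes: only the hostname the browser will actually contact matters, and a brand name anywhere else in the URL (before an `@`, as a leading subdomain, or in the path) is exactly the visual deception the average user overlooks.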