Beware of Phishing Scam Targeting Netflix Customers

Media Division | January 12, 2017

Cyber attackers will use any method that they can to gain illicit access to money or data.  This includes posing as other reputable businesses or organizations in an attempt to trick people into giving them access to these things.  Such is the case in a recent phishing campaign making its way around the country posing as the video streaming company, Netflix.

Users of Netflix have been receiving what appear to be emails from the company itself asking them to update details of their account, but these are actually cleverly crafted phishing emails.  The email provides a link for them to follow to update information.  When clicked on, it takes them to a website that is made to closely resemble the official site.  It prompts a login, and then asks them to update their billing and credit card information, which of course simply provides it to the creator of the phishing campaign.  After entering this information, the person will then be redirected to the actual Netflix site.  The entire process resembles Netflix’s official site quite closely, and may have led to some giving out their information without realizing it was a scam.

The scam was discovered by FireEye Labs, and it was found to use a number of interesting evasion methods.  For instance, the fake websites were hosted on legitimate but compromised web servers.  At the time the report from FireEye was posted, the phishing sites that had been located were no longer active.  Whether this means the phishing campaign is no longer active is uncertain, so it is important to remain vigilant about any emails received regarding your Netflix account.  Always ascertain whether they are valid before following any links within them.

Protecting Your Netflix Account Information

When it comes to phishing attempts such as this, there can be very subtle giveaways to identify them.  The email addresses will always be slightly off (.org instead of .com, for instance).  If the link is followed, the website URL will be slightly off in the same way.  It is also important to remember that Netflix states on its website that it will never ask for personal information through email, such as payment information, social security number, tax identification number, or password.  Keeping these things in mind, it can generally be quite simple to immediately recognize false emails posing as Netflix, as well as any other company.
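The sender and link check described above can be automated. The following is an added example, not code from the original article or from FireEye: it assumes netflix.com is the legitimate domain, and the sample message with its addresses and hosts is constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED = "netflix.com"  # assumption: the domain the real service mails from and links to

# Constructed sample message; the addresses and hosts are made up for illustration.
SAMPLE = """\
From: Netflix <billing@netflix.org>
To: user@example.com
Subject: Update your account details
Content-Type: text/html

<p>Please <a href="http://netflix.com.account-update.example/login">update your billing</a>.</p>
<p><a href="https://www.netflix.com/help">Help</a></p>
"""

def belongs_to(host, expected=EXPECTED):
    """True only if host is the expected domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    # Compare on a label boundary so "notnetflix.com" or
    # "netflix.com.something.example" do not pass.
    return host == expected or host.endswith("." + expected)

def check_message(raw, expected=EXPECTED):
    """Return (kind, host) findings for every sender/link host that is off-domain."""
    msg = message_from_string(raw)
    findings = []
    # The display name ("Netflix") is free text; only the address part matters.
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not belongs_to(sender_host, expected):
        findings.append(("sender", sender_host))
    # Judge links by where the href points, not by the text shown to the reader.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if not belongs_to(host, expected):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in check_message(SAMPLE):
        print(f"{kind}: {host} is not {EXPECTED}")
```

The From header can be forged, so a matching sender address alone does not prove a message is genuine; a mismatch on either the sender or a link is the useful signal.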

