Netflix Phishing Scam: Attackers Targeting Corporate Email Accounts
A new phishing scam is hitting inboxes around the world with emails that appear to be from Netflix and attempt to trick users into surrendering account details that can then be used for further compromise.
The campaign, first discovered by cybersecurity and threat tracking firm PhishMe, appears to be targeting a wide array of users, including those who use corporate email addresses, which could lead to attackers stealing valuable and sensitive information from businesses and organizations.
Like many phishing scams, this attack produces emails that look as though they come directly from streaming content giant Netflix. The messages carry Netflix branding but often come from a relatively innocuous sender domain such as desk-mail.com. Genuine emails from Netflix would be expected to come from the company's own domain, so the mismatch between the branding and the sending domain is the first visible warning sign.
If a user opens the email, they are greeted by text asking them to update their account details. It also contains a vague message that states, “Your membership will automatically continue as long as you choose to remain a member, we won’t charge you,” followed by a link the user is urged to click in order to update their account details.
Clicking the link takes the user to a spoofed version of the Netflix website, designed to look like the landing page a person would see if they visited Netflix directly, with a login screen asking the visitor to enter a username and password.
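The two indicators described above (a message that is branded as Netflix but arrives from an unrelated sending domain, and a body link that points somewhere other than the brand's site) are the kind of signals a mail filter can check mechanically. The following is an added example, not code from the article or from PhishMe. The allow-list of legitimate brand domains, the sample messages and the link domain `netflix-account-update.example` are constructed assumptions for illustration; only `desk-mail.com` comes from the article.

```python
"""Brand-impersonation check for inbound mail (added example).

Flags a message when its display name or subject names a known brand
but the sending domain, or any hyperlink in the body, is not one of
that brand's legitimate domains.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains each brand legitimately sends from. In a real
# deployment this would come from the organisation's mail-security policy.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
}

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its last two labels (mail.netflix.com -> netflix.com).
    A production filter would use the public suffix list instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_brand_impersonation(raw_message: str) -> dict:
    """Return a verdict dict with the brand matched, the sender domain,
    any links that leave the brand's domains and the reasons for flagging."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    header_text = f"{display_name} {msg.get('Subject', '')}".lower()
    brand = next((b for b in BRAND_DOMAINS if b in header_text), None)

    result = {"brand": brand, "sender_domain": sender_domain,
              "suspicious_links": [], "reasons": [], "flagged": False}
    if brand is None:
        return result  # no brand claimed, nothing to compare against

    allowed = BRAND_DOMAINS[brand]
    if sender_domain not in allowed:
        result["reasons"].append("sender domain mismatch")

    # Only plain-text, single-part bodies are inspected in this example.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if registrable_domain(host) not in allowed:
            result["suspicious_links"].append(url)
    if result["suspicious_links"]:
        result["reasons"].append("link to non-brand domain")

    result["flagged"] = bool(result["reasons"])
    return result


# Constructed sample messages for demonstration.
PHISHING_SAMPLE = (
    "From: Netflix <account-update@desk-mail.com>\n"
    "Subject: Update your account details\n"
    "\n"
    "Please update your account details to keep your membership active.\n"
    "Update now: http://netflix-account-update.example/login\n"
)

LEGITIMATE_SAMPLE = (
    "From: Netflix <info@mailer.netflix.com>\n"
    "Subject: Your Netflix receipt\n"
    "\n"
    "View your account: https://www.netflix.com/YourAccount\n"
)

UNRELATED_SAMPLE = (
    "From: Alice <alice@example.com>\n"
    "Subject: Lunch on Friday?\n"
    "\n"
    "Menu: http://example.com/menu\n"
)

if __name__ == "__main__":
    for name, sample in [("phishing", PHISHING_SAMPLE),
                         ("legitimate", LEGITIMATE_SAMPLE),
                         ("unrelated", UNRELATED_SAMPLE)]:
        print(name, check_brand_impersonation(sample))
```

The check is deliberately narrow: it only fires when a message claims a brand identity and then fails to back it up, so an ordinary message that happens to mention Netflix in passing without impersonating it in the From line or subject is not flagged. It complements, rather than replaces, SPF/DKIM/DMARC alignment checks on the sending domain.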
Of course, providing an email address and password to the fake login screen will result in the victim surrendering their credentials to scammers. But the attack doesn’t stop there.
After entering login information, the site directs visitors to a second page that asks them to update their payment details. The page has a form for users to enter their credit card information, including the cardholder name, card number, expiration date, security code and ZIP code.
The card-harvesting screen even provides additional text boxes for other information useful to the attackers, such as the victim's phone number and mother's maiden name, the kind of details often used to answer account-recovery questions.
As a misdirection to keep users from suspecting they have been scammed, the attackers show a final thank-you message after the victim has surrendered all of their information, along with a "Get Started" button that redirects the user to the real Netflix.com, making the whole process appear legitimate.
The campaign is notable in that it appears to be specifically aimed at harvesting information from corporate accounts. It has reached users whose email addresses are tied to corporate accounts, putting victims who reuse the same password across different services at particular risk.
“Everyone has accounts for these consumer services,” said PhishMe analyst Chase Sims, in a blog. “Attackers are not always discriminant in who receives their phishing messages. This might be successful because people use corporate email for consumer stuff all the time. If the threat actor can find examples of password reuse, phishing a consumer service like Netflix might lead to illicit access to an enterprise email account and associated services.”
With an email address and password in hand, the attackers could attempt to log in with the victim's credentials on any number of other sites, including corporate email and other accounts linked to an organization. This could lead to personal information or sensitive organizational information being compromised.
Using two-factor authentication can deter unauthorized logins by requiring a secondary code before an attacker can access an account, so a stolen password alone is not enough. To avoid the situation altogether, avoid clicking links in emails. When prompted to update account information, navigate directly to the service's own website rather than following the emailed link, so that the details you enter cannot be harvested by a scammer.
© Copyright IBTimes 2024. All rights reserved.