There’s little doubt that Netflix is a major competitor in the video streaming industry by a wide margin. It should also come as no surprise that cybercriminals view their customers as prime targets for phishing campaigns. With the recently announced Netflix service fee hike, the ever-adaptable spammers has found an opportunity to exploit the video-on-demand company.
At AppRiver, their security research team has been monitoring a Netflix phishing blast. The campaign attempts to impersonate a Netflix account verification email. The email in part alerts the target (recipient) to a possible issue with his or her account. The target is then instructed to click on the provided link in hopes to correct the error. The cybercriminals use a common technique that spoofs the actual company’s domain name within an exploited website URL. The average user not paying close attention can easily overlook this visual deception and believe the link is a legit Netflix URL.
The exploited website is visually a carbon copy of the Netflix web login screen. Analyzing the HTML code of the site, we were able to find discrepancies that only confirmed our suspicions. It’s unclear during our investigation if the exploited site attempts to only steal a customer’s Netflix login credentials or if there a financial goal in mind, such as credit card numbers.
As you can tell from the screen capture above, it can be extremely difficult for the average user to visually identify this as a phishing campaign. One of the best ways for users to prevent becoming victim to this type of campaign is avoid clicking any links in the email. Instead, opt to visit the company’s website address directly. If there is indeed an account issue, you should be alerted on the website of the issue. Another helpful tip is to hover over the link provided in the email with your mouse cursor. If the link looks at all suspicious to you, try to get verification from the company that they indeed sent the email. AppRiver’s SecureTide engine has multiple rules in place blocking this Netflix phishing blast. So far, we’ve quarantined over 12,000 messages and will continue to monitor for new variants.
Check out the AppRiver blog here!