If you’re planning a weekend binging on Netflix while relaxing with loved ones be warned – the brand is being used by scammers to screw over unsuspecting users!
Phishers have been spoofing this popular brand for a year, trying to trick users into handing over their credentials and payment information, but this week the scammers upped their game.
Users have been reporting messages purporting to be from the popular video streaming service that claims the recipient’s payment has been declined. It then urges them to update their payment details which transfers them to a very believable page where the victim is encouraged to submit their credit card details. Anyone that does this is then transferred to a legitimate Netflix page, while the criminals disappear into the night with the user’s financial information. Not Good!
Of course, for individuals, this could be very upsetting. But surely this is just a consumer issue? Well, in this case, yes it is – but phishing does pose a threat to the enterprise. Eyal Benishti, CEO and Founder of IRONSCALES explains, “If a phishing email, such as this, happens to drop into an employee’s inbox whilst at work, this could quickly become a problem for the entire organisation.”
While the recent Netflix scam leads to a phishing website, phishing attacks are on the increase with many used to deliver malware and organisations firmly in the attacker’s sights.
Eyal continues, “As is the case in any phishing incident, vigilance is key. Never hand over any official information, and if you are even slightly suspicious, contact either the ‘Sender’ (in this case Netflix), or if at work, your IT Security Team. Scams like this are often spotted relatively quickly, so keeping an eye on social media, news sites and even doing a quick Google search, could prevent you, and your organisation, from becoming the latest victim.”
Offering his advice to thwart phishing attacks, Eyal added, “It is imperative to help users identify well-crafted impersonation techniques, in order to avoid a potential cybersecurity incident, which could be crippling for an organisation. This means employing mailbox level detection that tracks user behaviour analysis to build a picture of what is deemed normal behaviour so that anomalies in communications are easily spotted and automatically flagged as suspicious, in tandem providing an augmented email experience (InMail alerts) and mechanism (report button) to help employees better spot and easily report something amiss in a message ultimately helps protect the enterprise.”
This weekend, as you reach for the popcorn, make sure criminals aren’t reaching out for your credit card details.