The current target
For the past few weeks, an email asking users to update their information has been targeting subscribers to Netflix’s SVOD service. The email claims to be from customer support. Netflix is, in fact, the target of a phishing cyberattack.
The scam is fairly typical and common: the message informs users of a billing issue and states that they need to verify and update their personal information. On top of that, it creates a sense of urgency: the email states that if they do not respond within 24 hours, their Netflix account will be closed.
This isn't the first time Netflix has had to deal with this type of phishing cyberattack. Back in late March 2020, a similar phishing email was already circulating.
The technique is well established: the fraudulent email contains a link that redirects users to a mirror site of the streaming platform. Before reaching that site, the user is first taken to a CAPTCHA window. Trusting the process, the user then fills out the form set up and managed by the hackers: login credentials, phone number, credit card details… everything is there! Finally, the user is sent on to the official site.
Unseen and unnoticed: the hacker strikes!
The only clue that might raise suspicion is the URL, so you still need to be on your guard!
How to Spot Phishing: The Netflix Example
Netflix is an example that exhibits all the standard characteristics of a phishing campaign:
- Call to action (click here);
- Concept of urgency (24-hour response time);
- A punitive tone (“If you do not respond, your subscription will be canceled”);
- Broken link;
- Invalid URL;
- Mirror site;
- Breach of trust;
- Retrieval of personal data.
All of this information can be used by hackers to target an individual in both their personal and professional lives.
Imagine the consequences if users routinely mix their professional and personal activities. Moreover, it’s important to remember that this is a form of social engineering and can have disastrous consequences. That’s why it’s essential to educate users on best practices to avoid falling victim to phishing scams.
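As an added illustration (not part of the original article), the indicators listed above can be checked automatically in a mail filter or an awareness exercise. The patterns, the sample messages and the `.example` domains below are constructed, and treating `netflix.com` as the legitimate domain is an assumption of this sketch.

```python
import re
from urllib.parse import urlparse

BRAND_DOMAIN = "netflix.com"  # assumption: the brand's legitimate domain

# Text indicators taken from the article's list (patterns are illustrative).
INDICATORS = {
    "call_to_action": re.compile(r"\bclick here\b|\bupdate your (information|details)\b", re.I),
    "urgency": re.compile(r"\bwithin\s+\d+\s*(hours?|days?)\b", re.I),
    "punitive_tone": re.compile(r"\bwill be\s+(closed|cancell?ed|suspended)\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def host_matches_brand(host, brand=BRAND_DOMAIN):
    """True only for the brand domain or a real subdomain of it.
    A substring test would wrongly accept 'netflix.com.evil.example'."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def analyze(sender, body, brand=BRAND_DOMAIN):
    """Return the list of phishing indicators found in one message."""
    findings = [name for name, rx in INDICATORS.items() if rx.search(body)]
    sender_host = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if not host_matches_brand(sender_host, brand):
        findings.append("sender_domain_mismatch")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not host_matches_brand(host, brand):
            findings.append("link_host_mismatch:" + host)
    return findings

# Constructed sample messages (not real traffic).
PHISH_SENDER = "Netflix Support <support@netflix-billing.example>"
PHISH_BODY = ("We had a billing issue with your account. Please click here to "
              "verify and update your information: "
              "https://netflix.com.account-update.example/login "
              "If you do not respond within 24 hours, your Netflix account will be closed.")
OK_SENDER = "info@members.netflix.com"
OK_BODY = "New episodes are available. Watch at https://www.netflix.com/browse"

if __name__ == "__main__":
    print(analyze(PHISH_SENDER, PHISH_BODY))
    print(analyze(OK_SENDER, OK_BODY))
```

The lookalike host in the sample starts with the brand name but belongs to a different domain, which is why the check compares the end of the hostname rather than searching for the brand anywhere in the URL.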















