New phishing scam is directing users to fake Netflix site to steal credit card data
July 31, 2020 / 11:41 AM IST
A phishing scam that mimics the original Netflix site to steal users' credit card data has recently been uncovered.
Scammers have created a fake web page that is almost identical to the popular video streaming platform. They are leveraging Netflix’s brand recognition to steal login credentials and billing details from unsuspecting users.
According to cloud office security platform Armorblox, the scammers begin by sending Netflix users a phishing email that could easily pass for an authentic email from Netflix Support. The email usually states that there is a problem with the user's billing details and that their subscription will pause if they do not click on the link provided in the mail.
Once unsuspecting users click on the link, they are directed to a website that looks strikingly similar to the original streaming platform.
Explaining the nature of the email, Armorblox said: “Unlike spray-and-pray email fraud attempts, this email was expressly created and sent to trigger the required response. The email title was ‘Notice of Verification Failure’, which isn’t exactly how a Netflix email sounds, but still ‘robotic’ enough for readers to assume that it came from Netflix Support. The email language and topic was intended to induce urgency owing to its punitive nature (cancellation of the Netflix subscription). The call to action - Click here to update your information - is simple and effective. The email claims that the reader’s subscription will be cancelled if they don’t update their details within 24 hours, furthering the sense of urgency.”
The scammers have gone the extra mile and included a captcha stage to make the site look even more authentic. Users are then asked to provide their login credentials, credit card details and billing information. After all the data is entered, the scammers redirect users to the original Netflix website, so victims do not even realise that they have fallen prey to cybercriminals.
Informing Netflix subscribers about how to detect the phishing mail, Armorblox said: "But several things give the Netflix scam away. Firstly, although the phishing site looks legit, if you click on any of the links such as 'need help' or 'Sign up now', the page just reloads again. Another obvious giveaway is of course the URL. Instead of Netflix.com, you will see axxisgeo.com."
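The two giveaways described above can be checked automatically. The following Python sketch is an added example, not code from Armorblox or from the article: it flags email links whose host is not the brand's domain and page links that only reload the page. The sample HTML is constructed from the article's description, and the function names and the `/login` and help links are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

BRAND = "netflix.com"  # the domain the email claims to come from

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def anchors(html):
    collector = AnchorCollector()
    collector.feed(html)
    return collector.anchors

def off_brand_links(email_html, brand=BRAND):
    """(text, host) of links outside the brand domain and its subdomains."""
    flagged = []
    for href, text in anchors(email_html):
        host = (urlsplit(href).hostname or "").lower()
        if host and host != brand and not host.endswith("." + brand):
            flagged.append((text, host))
    return flagged

def reloading_links(page_url, page_html):
    """Texts of links that resolve back to the page itself."""
    here = urldefrag(page_url).url
    return [text for href, text in anchors(page_html)
            if urldefrag(urljoin(page_url, href)).url == here]

# Constructed samples modelled on the article's description (not captured data).
EMAIL = ('<a href="https://axxisgeo.com/">Click here to update your information</a>'
         '<a href="https://help.netflix.com/">Help Centre</a>')
PAGE = ('<a href="#">Need help?</a><a href="">Sign up now</a>'
        '<a href="/login">Sign In</a>')
```

The host comparison matches the exact domain or a dot-prefixed suffix, so a lookalike host that merely starts with the brand name is still flagged.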