How to Recognize the Latest Netflix Phishing Scam

Posted on by

Everyone loves Netflix, especially when you don’t have to pay for it. That’s why you’re sharing someone else’s account, right? Well, scammers love free Netflix too, and a new phishing attack could trick you into giving up your precious username and password, as well as other sensitive information that you wouldn’t want others to have.

It all starts with an email

As Armorblox describes, this new Netflix phishing attempt starts with a simple email from Netflix support. It informs users that there is something wrong with their billing information and they must confirm it or their Netflix subscriptions will be disabled the next day.

Although I believe that the electronic form looks legitimate , and it is not unheard of for a person to get an e-mail, for example, when a credit card can not be a service fee for some – any reason, this type of communication should be a huge red flag for everyone … First, Netflix does not cancel your account every other day; they will cancel it as soon as your subscription ends depending on when you last paid – probably a month after your last payment, I suppose.

Secondly, do not follow the links in such emails . As convenient as they are, your best course of action is to open your web browser and enter the web address of the specified site or service. Open your account settings yourself and see if everything is in order; If the company was good enough to email you about the problem and it’s legal, they will no doubt flagged any issue in your account settings as well. (Trust me, they are just as eager to get you sorted out with your billing information to avoid canceling the service, as you are.)

Provide us with all your information

If you click on one of the fraudulent links in the phishing email, you will first be taken to a CAPTCHA page that looks like something on the Netflix site: black background, red boxes, smooth white text, and so on. Not only does this add a bit of extra legitimacy to the phishing attempt (although fraudulent sites can include CAPTCHAs as well as everyone else), but it also helps to hide the last page of the phishing attack, where you enter your account credentials, from various defenses. from malware. services your email provider can use for your safety.

Of course, if you looked at the URL of the site you were accessing, you would clearly see that it is not hosted on any Netflix domain at all. However, there are a lot of people out there who don’t look at URLs when they click on the internet, so it’s hard to count on this technique in this case, even though it’s the easiest way to get a little more confidence that the site you are visiting may be legal.

Users who solve the CAPTCHA correctly are then taken to a very similar page for Netflix. They post their logins and are then asked to provide their full billing address, phone number, and payment details (including bank names and account numbers). This is, again, another red flag – unless a service asks you for certain information when registering, you shouldn’t give up that information when asked at some random point in the future. I mean really. Why does Netflix even need your bank account number ?

Phishing attacks usually have good clues

There are many holes in this phishing scam, but that’s the point; they are not meant to trap smart and intelligent people like you. They’re made for people who don’t pay too much attention to the details of what they do online, or people who are so terrified at the prospect of losing access to Nailed It! that they are willing to provide their account details when asked to do so. (I totally understand this feeling.)

The more you understand some of these red flags, the better prepared you will be to fend off the next phishing attack that comes your way, especially if it’s a little smarter than this one. These include:

  • The email contains a weird sense of urgency for a website or service that you’ve already paid to access for a certain period of time /
  • The sender of the email is not even from the company’s domain: in this case, the phishing emails came from “netflix@csupport.co”, not from an address like “netflix.com”.
  • You get a random email about an account problem that has never been a problem in your entire time using the site or service.
  • The URLs of any websites that are linked to in the email do not actually exist on the company domain.
  • A website or service asks you to provide more information about your financial services or security than ever before.

More…

0
Internet

Leave a Reply