Cloud Office security platform, Armorblox recently published a blog post covering a Netflix phishing attack that sneaks in to steal your login details, billing address, and also the credit card details.
In the Name of “Netflix Support”
The attack was first identified a few weeks ago when Netflix consumers started receiving emails from an unknown source disguised as “Netflix support”. The email asked the customers to update their personal information as there was an issue verifying their personals details. The email also stated that if the consumer do not take a step, they might cancel the account. And then there was a URL link.
Upon clicking the link, they were redirected to a clone website of Netflix which then asked for all the details and that was it.
“When targets clicked the link, they were led to a fully-fledged Netflix lookalike website with a phishing flow that asked them to part with their Netflix login credentials, billing address, and credit card details,” Armorblox co-founder Chetan Anand explained in the blog post.
Fake Website on a Legit Domain
This particular spam was a notch cleverer as it got through email security controls pretty easily. The hackers put in a functioning CAPTCHA page with a faded Netflix logo which made it look even more realistic and authentic. This became possible for the attackers as they were hosting both the Netflix-lookalike website and the CAPTCHA page on legitimate domains.
“By hosting phishing pages on legitimate parent domains, attackers are able to evade security controls based on URL/link protection and get past filters that block known bad domains,” Anand added.
So, after you become a victim of the scam, you will finally be redirected to a Netflix login page, which is not even functional when you reload it. Well, that’s not a surprise at this point, is it? As you can see in the picture below, you can hardly tell if it is the original or a fake one.
So? What do we know? What have we learned?
Never forget to check the address bar on your browser!