Convincing Fake Netflix Page Phishing for Victims’ Credit Cards
(May 1, 2018)
A well-designed phishing campaign has been found by ESET researchers to be targeting Netflix users in attempts to steal credit card information. The phishing emails purport that Netflix was unable to renew the recipient’s subscription, and thus the email serves as a cancellation notice. The emails contain a link for “restarting” the membership that leads to a webpage that impersonated the authentic Netflix login page. After “logging in” a page is presented that harvests payment data.
Recommendation: The impersonation of legitimate services continues to be an effective phishing tactic to deliver malware. All employees should be informed of the threat phishing poses, how to identify such attempts, and to inform the appropriate personnel when they are identified. In addition, scare tactics are a common theme for phishing attacks, in this case threatening the cancellation of a video streaming membership; users should be aware of such tactics. Users should navigate to the legitimate domains owned by the company or service that is being mentioned in the email, and links that direct to such locations should be avoided.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.