Netflix users beware – there’s a phishing scam after your credit card details
Netflix users have more to worry about than price hikes, as they could now be the target of a phishing scam that goes after personal and business emails in an attempt to glean sensitive information.
Spotted by cyber security researchers at PhishMe, the phishing scam aims to trick Neflix users into revealing their credit card details to pilfer money, as well as use stolen credentials to hack into other online services or sell that data on the dark web.
This phishing attack starts with a Netflix branded email asking users to update their account details and has a link to direct them to a spoofed landing page asking for their email address and password. Once that has been entered the page then directs them to another page asking for them to update their credit card details, all while looking like a genuine Netflix page.
After that stage a message pops up congratulating the scammed users for updating their account, and presents a button for them to use to get back to a legitimate Netflix page; in reality they have unwittingly handed over their Netflix login credentials and credit card information.
Furthermore, the stolen details could lead to other hacked services, if hackers discover a victim’s password has been used for other sites, and bleed over from their personal life into their work life.
“If the threat actor can find examples of password reuse, phishing a consumer service like Netflix might lead to illicit access to an enterprise email account and associated services,” PhishMe researcher Chase Sims warned.
There’s no information on how widespread the phishing campaign has been or how many people have fallen victim to it. But such scams don’t discriminate between users, and the popularity of Netflix means cyber criminals have a wide audience to attack. Such Netflix scams are not uncommon but they are getting more sophisticated in spoofing legitimate sites and web pages, meaning it’s worth being extra careful with what you click on in your emails.
It’s always advised to check the actual email address of any email being set to you that asks for login details and to avoid clicking on any links that have the slightest hint of being dodgy about them.
Related: Netflix vs Amazon
Have you spotted the Netflix scam? If so let us know @TrustedReviews or on Facebook.