Netflix Phishing Campaign Takes Advantage of Fare Hike

Written by

A phishing campaign targeting Netflix customers is making the rounds, stealing login credentials. Since Netflix recently announced a service fee hike, spammers saw an opportunity to exploit the situation.

According to researchers at AppRiver, phishing emails attempt to impersonate a Netflix account-verification email. The message alerts the target to a possible “issue” with his or her account, and then asks the person to click on the provided link. It’s unclear, they added, if the exploited site attempts to steal only a customer’s Netflix login credentials or if there a financial goal in mind, such as credit-card numbers.

“The cyber-criminals use a common technique that spoofs the actual company’s domain name within an exploited website URL,” AppRiver researchers explained. “The exploited website is visually a carbon copy of the Netflix web login screen. Analyzing the HTML code of the site, we were able to find discrepancies that only confirmed our suspicions.”

While the screen capture of the message shows that the attackers are savvy in using the Netflix logo and brand style, a closer look at the verbiage should alert recipients to the message’s bogus nature—grammar and syntax mistakes are a dead giveaway:

“We hold on record for your account, we need to ask you to complete a short validation process in order to verify your details. Once that information has been updated, you can continue enjoying Netflix. Click the button below to get started. A=80 Your friends at Netflix.

But, the average user not paying close attention can easily overlook the strangeness of the message itself, and could believe the link is to a legit Netflix URL. So one of the best ways for users to prevent becoming victim to this type of campaign is avoid clicking any links in the email. Instead, they should opt to visit the company’s website address directly. If there is indeed an account issue, the user should be alerted on the website.

The campaign is in full swing; So far, AppRiver has quarantined more than 12,000 messages.

Photo © M-Sur/

What’s hot on Infosecurity Magazine?