Late last week, Action Fraud – a joint initiative between the City of London Police and the National Fraud Intelligence Bureau – warned Netflix subscribers about a new spate of phishing emails. The scammers are urging victims to enter their Netflix account information and payment details.
Like many phishing scammers, this group let itself down with poorly worded language. Below a headline which reads ‘Update your payment information!’ the phishing mail says…
We face some difficulties with the current billing information of your own. We will try again, but please at the same time you update your payment details.
At the foot of the mail is a button urging recipients to update their accounts.
Netflix, which has 130m global subscribers, is a popular target for phishers. Back in January we wrote up a similar scam which also targeted Netflix users.
Australians found themselves targeted in June, and in the same month training organization SANS warned of an uptick in Netflix-targeted phishing emails that were using sites secured with TLS certificates.
But why go to the trouble? Netflix accounts themselves aren’t that valuable.
Sadly, many people still use the same passwords for multiple accounts, meaning that if attackers successfully steal a Netflix login, they can try it on other accounts, including email and online banking logins.
What to do?
- Never click on a login link or an account verification link in an email.
- Check for the HTTPS padlock.
- If there is a padlock, check the name of the site. If it’s not exactly what you expect, close the site down.
- Don’t ignore telltale signs such as spelling and grammar errors.
- One password, one site. If you’re worried about remembering them all, consider using a password manager.
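
The padlock and site-name checks from the list above, written out as an added example (not part of the original article): HTTPS alone is not enough, and the host must match the expected name exactly. The expected hosts and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the names a user expects for this service (not taken from the article).
EXPECTED_HOSTS = {"netflix.com", "www.netflix.com"}


def check_login_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return (ok, reason) for a URL someone is about to enter credentials into."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    # A padlock requires HTTPS, but phishing sites can have certificates too.
    if parts.scheme.lower() != "https":
        return False, "no HTTPS"
    # "https://trusted-name@other-host/" puts the familiar name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return False, "no host"
    # Lookalike characters show up as non-ASCII or punycode ("xn--") labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    # Exact comparison: substring or prefix matches are what lookalikes exploit.
    if host not in expected_hosts:
        return False, "host is not exactly the expected name"
    return True, "HTTPS and exact host match"


# Constructed sample URLs; the .example hosts are placeholders.
SAMPLES = [
    "https://www.netflix.com/login",
    "http://www.netflix.com/login",
    "https://www.netflix.com@login.example/update",
    "https://netflix.com.account-update.example/login",
    "https://www.netfIix.com/",  # capital I in place of lowercase l
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(f"{'OK  ' if ok else 'STOP'} {sample}  ({reason})")
```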