skip to Main Content
+44 (0) 1628 308038 info@tidorg.com

Netflix “Account Freeze” Phishing Campaign In The Wild

Netflix Scam

A Netflix phishing scam is going after users’ payment information and Netflix credentials, according to Naked Security. The phishing emails inform recipients that they’ve missed a payment and they’ll need to login and fix their billing information to resolve the issue.

The emails themselves contain some glaring typos and grammatical issues, including repeated misspellings of “invoice” as “invoce,” and the phrase “you local bank being held a transaction.”

The phishing site itself is more convincing, however. The scammers took the time to obtain a valid HTTPS certificate, and they’ve hosted the site on a subdomain with a very long URL consisting of random characters. As a result, the primary domain is pushed out of sight in the browser bar, so the user doesn’t realize they aren’t on netflix.com. The login page looks perfectly legitimate, as does the page to enter payment card details.

The scammers made another mistake, however, by including an intermediate page that asks users how they want to pay their bill in order to “resrtart” their membership. This page offers a number of options, including one to purchase gift cards. The option to buy gift cards is inexplicably written in French, unlike the rest of the page.

While these warning signs seem easy to spot when you know it’s a scam, they might not be so apparent if you aren’t looking for them. New-school security awareness training can teach your employees to constantly be on the lookout for red flags. Naked Security has the story: https://nakedsecurity.sophos.com/2019/11/29/netflix-account-freeze-dont-click-its-a-scam/


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST Results

Here’s how it works:

Immediately start your test for up to 100 users (no need to talk to anyone)

Customize the phishing test template based on your environment

Choose the landing page your users see after they click

Show users which red flags they missed, or a 404 page

Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management

See how your organisation compares to others in your industry

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

Close search

Basket

Back To Top