A Netflix phishing scam has been identified and users in the United States are being cautioned about an email that targets credit card information and other personal data. A California-based cyber-security firm recently identified a phishing email campaign affecting the popular video streaming service’s customer base. This latest attack is just another example of how important it is to scrutinize any email from anyone, including large trusted companies, that asks you to click a link contained in the email for the purpose of entering or updating personal information or credit card payment information.
How the Netflix Phishing Scam Works
Disguised as an email sent by Netflix for the user to update their membership details by clicking a link contained in the email body. Unsuspecting Netflix subscribers who click the link are redirected to a fake site that mimics the appearance of the real Netflix login webpage. Users who are none the wiser enter their login credentials and are directed to pages that request customer personal information. This includes the user’s name, date of birth and address, and credit card payment information, including credit card type, card number, expiration date, name on the credit card, credit card holder’s social security number, and the security code for the credit card.
From this kind of data, a hacker could make fraudulent credit card purchases online, open lines of credit in a victim’s name, sell the victim’s data and credit card information, and much more. With how much talk there is about phishing scams being one of the leading causes of data security breaches, it might seem like no one should be taken advantage of by a phish email scam. But a surprising number of phishing emails are opened by recipients, and a startling number of links contained in phishing emails are clicked on.
Highly Sophisticated Phishing Ploy
This most-recent Netflix phishing scam is striking in that it was well orchestrated against detection as fraudulent email. The hackers used highly sophisticated techniques and methods to mask their email campaign from being detected. Specifically, the attackers took steps:
- So that legitimate, but compromised, Netflix servers hosted the phishing webpages.
- So that users with certain IP addresses would not be displayed the phishing pages in order to avoid detection of the phishing ploy, i.e., if it was likely that the user’s DNS would resolve to companies such as PhishTank or Google.
- To ensure that the client-side HTML code associated with the phishing pages was obfuscated by the use of AES encryption.
Contact a Cybersecurity Lawyer
Data security breaches happen all the time and sometimes companies and people fall victim to phishing attacks. Cybersecurity attacks are getting all the more sophisticated with each passing day and the laws surrounding cybersecurity issues are continuously evolving to address new challenges. Revision Legal stays up to date on cyber security law and new cyber threats. Revision Legal works closely with cybersecurity victims and helps them deal with the aftermath of security breaches and we can help you manage your situation after suffering a data breach. Contact the experienced data breach attorneys at Revision Legal as soon as possible if you need help. Contact Revision Legal data breach attorneys using the form on this page or call us at 855-473-8474.
Image credit: Global Panorama