Akankasha Dewan 06 December 2018 12:43:44 AEDT 4 MIN READ

‘Account suspended’ email spoofs Netflix, delivers phishing attack

Receiving an urgent email from one of the world’s leading brands may cause you to sit up and take notice, but sometimes it also calls for a more critical need to be more vigilant before taking action.

MailGuard intercepted an email phishing scam purporting to be from Netflix Tuesday afternoon (AEST). This scam has been very well executed with high quality graphical elements in the email message and phishing page, so it’s easy to imagine that it could potentially trick a lot of unsuspecting people.

Using the display name ‘Netflix’, the email appears via a domain titled ‘odiso.net’. The body of the email informs recipients that there are issues with their ‘current billing information’. As a result, their account is suspended. Users are directed to update their payment details via a button titled ‘Update Account’ as seen from the screenshot below:

 Netflix Scam Social Image

Unsuspecting recipients who click on the button are led to a Netflix branded phishing page consisting of multiple pages and steps.

The first page (as seen by the screenshot below) asks them to log into their Netflix accounts:

Netflix Sign In Page

After users have input their details, they are led to another phishing page directing them to update their payment method:

Netflix Scam Billing Details

Clicking on the ‘continue’ button, as seen from the screenshot above, leads to a page requesting information on their billing details:

Netflix Scam Billing Details 2

The last step in this process involves a ‘verification’ page purporting to be from Visa requesting further personal details:

Netflix Scam Visa Verification

After users have input this information, they are redirected to the original Netflix website:

Netflix Scam final page

As you can see from the screenshots above, all of the pages are legitimate-looking copies of pages purporting to be from Netflix. Cybercriminals have taken great pains to incorporate the exact colour scheme, logo, fonts and popular images commonly found in Netflix pages in a bid to convince the user that the email is actually originating from the entertainment company.

This is not the first Netflix based scam MailGuard has seen recently. Netflix is a popular and well trusted company with an immensely large customer database, so their branding makes a good lure for cybercriminals looking to deceive people. 

If you see an email from Netflix, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make the people aware of the threat.

What to do if you receive such emails

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top