Emmanuel Marshall 10 November 2017 17:02:10 AEDT 7 MIN READ

Fake Netflix and PayPal Scams - Weekly MailGuard Digest


Another Busy Week on the Frontlines of Cybercrime Prevention

There's no rest for cyber-crime-fighters. Criminals are firing out emails at the rate of millions a minute, so keeping our client's inboxes clean and safe is a non-stop job. 

Yesterday, our CEO Craig McDonald published a post addressing the notorious fake Netflix email scam that's sweeping across the net. 
Our systems first detected this latest barrage of fake Netflix emails on Friday of last week 
and promptly stopped the malicious emails from entering our client’s inboxes. 


Screen Shot 2017-11-03 at 11.23.26-1.png

These emails look quite convincing, but if the recipient clicks the link in the email they are taken to a fake Netflix page, that asks them to log in and then enter their personal information, including credit card details.

Of course, this website is completely bogus and is just a mechanism for the scammers to steal the victim’s identity and credit card information.

Screen Shot 2017-11-03 at 11.25.22.png 

With the detailed data the fake Netflix form asks for - address; credit card details; driver’s license; mother's maiden name; etc - the scammers could potentially execute an identity theft and gain access to the victim’s bank accounts as well as their credit cards.

In his Thursday blog post, MailGuard CEO Craig McDonald commented:

"We are seeing phishing tactics like this on a daily basis. Cybercrime of this sort, where the criminals create a fake website that looks and smells like a well-known company, is known as ‘brandjacking’. This approach has a high success rate for cybercriminals. Why? Because it taps into our subconscious. Marketers have known for years how to leverage our subconscious to make us spend; '90% of all purchasing decisions are made subconsciously' according to ISPO.com.  So, our happy subconscious clicking - the trust that we place in brands - is putting us all at risk. 
Brands that are regularly being exploited by criminals include (but not limited to); financial institutions; telco's; utilities; and media companies, like 
Netflix on this occasion... Shockingly, more than 90% of internet crime is perpetrated via email. Most people cannot recognise the tell-tale signs of a criminal email and will click on dangerous messages without thinking twice. In fact, 97% of people can't discern phishing emails from the real thing, and of those, nearly 25% will click on dangerous links. "

The MailGuard blog's reporting on this nasty email scam has caught the attention of international media, and been reposted across the globe. Major media outlets like USA Today, MSN and NBC, as well as leading tech publications like WIRED and Mashable, helped raise public awareness of this criminal attack, hopefully preventing many people from making an expensive mistake.

>> Craig McDonald posts regularly about the latest criminal threats that MailGuard is combatting and shares valuable ideas on how to keep your business and your team safe from harm. To stay ahead of the latest criminal intent email threats, follow Craig on LinkedIn or Twitter.


Bogus ‘PayPal’ Email 

Following hot on the heels of the Netflix outbreak, came a similarly sneaky inbox assault using fake PayPal branding. In the past 48 hours, MailGuard has blocked thousands of fake PayPal emails going after private credit card information. As you can see in the screenshot below, this bogus PayPal message is trying to make victims believe that their account has been ‘limited temporarily’ and they need to log in to correct the problem.


 Your PayPal account has been limited _ - Mozilla Thunderbird_261.png

If the message recipient clicks on the link provided they are sent to a bogus PayPal login page where they are asked to enter their email address and PayPal password.

Australia _ Login in to you account - Mozilla Firefox_262.png

The average PayPal user would likely mistake it for a genuine login screen. Having acquired a victim's credit card and ID details, the cybercriminals behind this attack would be able to steal their identity and commit credit card fraud. Like Netflix, PayPal is a well known and trusted brand so many people receiving this scam message would not hesitate to enter their details.

MailGuard Customers Were Protected from these Attacks

Fortunately for our clients, MailGuard identified these criminal-intent emails before they could reach inboxes and do harm. 

Here at MailGuard, we are seeing emails like this cropping up on a daily basis. These attacks are on the rise, because they have a high success rate for cybercriminals. They leverage the trust we place in names like PayPal and Netflix to steal their victim's data and then their money.


Have a Safe and Secure Weekend


The criminals looking to trick you out of your money won't give up because their attacks are often successful - cybercrime is a multi-billion dollar industry.
Human beings are naturally susceptible to ruses like brandjacking because our split-second subconscious decision making often isn't as rigorous as it should be.
At Mailguard, our mission is to keep our customers inboxes safe so they don't have to worry about being ripped off without even knowing it. The criminals know; if your inbox isn't protected, it's just a matter of time until you make a small mistake that will give them a big payday.

Remember: think before you click.


Take Action to Secure Your Inbox Today

For a few dollars per staff member per month, you can protect your business with MailGuard email and web security. You’ll significantly reduce the risk of malicious emails entering your network, and be protected by the most advanced cloud-based security available.

Stay informed on breaking scam news. Subscribe to MailGuard's free weekly updates by clicking on the button below:

Keep Informed with Weekly Updates