Emmanuel Marshall 29 March 2018 09:45:05 AEDT 6 MIN READ

New Netflix email scam phishing for credit cards 

 
A new Netflix email scam attempting to steal credit card information has been detected by MailGuard.

The scam message tells the recipient that Netflix ‘failed to validate’ their payment and that they need to log into their Netflix account to ‘verify’ their ‘billing and payment details’.

In the screenshot below you can see the scam Netflix email message:

[Image: 180329-netflix-1]


 

The message warns the recipient that ‘failure to complete the validation process’ will result in their Netflix account being cancelled. This attempt to create urgency in the would-be victim is a classic hallmark of email scams. The criminals hope that making their victim feel stressed or flustered will stop them from noticing anything suspicious and encourage them to go along with the scam.

If the victim does click on the ‘verification’ link in the email they are taken to a phishing website set up to look like a real Netflix login page:

 

[Image: 180329-netflix-2]



The fake login page will collect the victim’s email address and Netflix password and then send them to a page that harvests their credit card details, including the 3-digit security code and expiry date:

[Image: 180329-netflix-5a]

 

This scam has been very well executed with high quality graphical elements in the email message and phishing page, so it’s easy to imagine that it could potentially trick a lot of unsuspecting people.

This is not the first Netflix based scam MailGuard has seen recently. Netflix is a popular and well trusted company, so their branding makes a good lure for cybercriminals looking to deceive people. 

If you see an email from Netflix today, please exercise caution and make sure it is a legitimate communication before you open it.

 

About phishing


Phishing is a cybercrime technique that uses fraudulent email messages or websites to gain access to victims’ personal information. Typically, a would-be victim of phishing will receive an email message pretending to be from a trusted source such as a financial institution or telco. The scam email will instruct the recipient to log into their bank account, credit card account, etc., and the link provided will direct them to a fake website controlled by cybercriminals. When the victim enters their personal data, it is captured by the criminals and then sold or exploited. Many phishing attacks are very expertly designed and victims are often none the wiser until it is too late.

 

Brandjacking: a Growth Industry

 

Scams in which criminals create a fake email or website that looks like one from a well-known company are known as ‘brandjacking’. This scam format has a high success rate for cybercriminals because it taps into subconscious trust cues.

In an article about brandjacking, MailGuard CEO Craig McDonald wrote:

"Marketers have known for years how to leverage our subconscious to make us spend; '90% of all purchasing decisions are made subconsciously' according to ISPO.com. So, our happy subconscious clicking - the trust that we place in brands - is putting us all at risk.
Brands that are regularly being exploited by criminals include (but are not limited to) financial institutions, telcos, utilities, and media companies, like Netflix on this occasion.
Criminals on the internet are more persistent, more cunning and better organised than ever before. They are masterful marketers, and they've learned how to ride on the back of big brands' trust-building to achieve their goals."

 

The Biggest Cybersecurity Threat

 

More than 90% of internet crime is perpetrated via email. Most people cannot recognise the tell-tale signs of a criminal email and will click on dangerous messages without thinking twice. In fact, 97% of people can't discern phishing emails from the real thing, and of those, nearly 25% will click on dangerous links.

Millions of criminal-intent emails are sent every second of the day, so the odds are good that some of them are in your team’s inboxes right now.

If you get an email from ‘Netflix’ this week, think before you click.

There are a few ways you can check if an email is a scam:

  • Generic greetings, such as ‘Dear customer’
  • A sense of urgency: “Ensure your invoice is paid by the due date to avoid unnecessary fees”
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics
  • An instruction to click a link to perform an action
  • Obscure sending addresses that don’t match the real company’s domain URL
  • If in doubt, type the web address (URL) directly into your browser rather than clicking the link, or better still phone the company.
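Several of the signs listed above can be checked automatically. The following is an added example, not MailGuard's code or detection logic: a small Python triage function that tests a message for a sender domain that does not match the claimed brand, a generic greeting, urgency wording, and links that lead away from the brand's domain. The sample message, the `account-verify.example` domain, the phrase lists and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not the real scam email); domains are placeholders.
SAMPLE = """\
From: Netflix <billing@account-verify.example>
To: user@example.org
Subject: We failed to validate your payment
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p>We failed to validate your payment. Failure to complete the validation
process will result in your account being cancelled.</p>
<p><a href="http://login.account-verify.example/netflix">Verify now</a></p>
"""

# Illustrative phrase lists; a real filter would use far larger ones.
URGENCY = re.compile(r"failure to|being cancelled|within \d+ hours|avoid .* fees", re.I)
GENERIC = re.compile(r"dear (customer|user|member|client)", re.I)

def under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, brand="netflix", brand_domain="netflix.com"):
    """Return the warning signs found in a single-part message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # assumes a single-part, unencoded body
    findings = []
    claims_brand = brand in name.lower() or brand in body.lower()
    # Display name says "Netflix" but the address is on another domain.
    if claims_brand and not under(addr.rpartition("@")[2], brand_domain):
        findings.append("sender-domain-mismatch")
    if GENERIC.search(body):
        findings.append("generic-greeting")
    if URGENCY.search(body):
        findings.append("urgency")
    # Links in a brand-claiming message should stay on the brand's domain.
    hosts = [urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body, re.I)]
    if claims_brand and any(not under(h, brand_domain) for h in hosts):
        findings.append("link-domain-mismatch")
    return findings

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

A clean result is not proof of legitimacy: the From header can be forged, so a matching sender domain still needs to be backed by the receiving server's SPF, DKIM and DMARC results.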

 

Defend your inbox

Phishing attacks can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company from financial and reputational damage, now.

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30
