Emmanuel Marshall 03 November 2017 16:53:32 AEDT 4 MIN READ

New Email Scam Using Fake Netflix Website

 

A scam email has appeared today that is pretending to be from Netflix. MailGuard detected the new scam early this morning, and stopped the malicious emails from entering our client’s inboxes.

This scam email is relatively well designed. The scammers are using a template system to generate individualised messages with specific recipient data. 

This works like a mail-merge; the body of the email is generic, but the sender field is designed to show the name of the intended victim, which personalises the scam making it more convincing.

In this case the scammer's system has not worked as well as they hoped and in the example below - screen-captured by our operations team - you can see that the ‘recipient’ field in the email has not been merged successfully. Instead of the victim’s name, it shows the placeholder instead:

 

Screen Shot 2017-11-03 at 11.23.26-1.png


Aside from the error with the recipient name field, this email looks quite convincing. The message tells the intended victim that their Netflix billing information has been invalidated and urges them to update their details on the website. If the recipient clicks the link in the email they are taken to a fake Netflix page, that asks them to log in and then enter their personal information, including credit card details.

Of course, this website is completely bogus and is just a mechanism for the scammers to steal the victim’s identity and credit card information.

Screen Shot 2017-11-03 at 11.24.28.png


The fake Netflix site this scam is using is built on a compromised Wordpress blog. Scammers can break into Wordpress sites by making use of vulnerabilities in blog plugins and once in, they can make the website look enough like a real Netflix login page to trick their victims - as shown in the screenshot above.

Screen Shot 2017-11-03 at 11.24.52.png


Screen Shot 2017-11-03 at 11.25.22.png 

With the detailed data the fake website form asks for: address; credit card details; driver’s license; mother's maiden name; etc, the scammers could potentially execute an identity theft and gain access to the victim’s bank accounts as well as their credit cards.

Once the fake website has collected all the sensitive data the scammers want, the victim is shown a reassuring 'reactivation' screen.


Screen Shot 2017-11-03 at 11.26.15.png

 

If you receive an email from Netflix today, ‘Chill,’ but don’t click without thinking first. Scammers can make their fake emails and bogus websites look pretty convincing, so it’s always a good idea to check carefully that the email comes from the actual company domain and not a scammer.

 

Think Before You Click:

 

- Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.

- Cybersecurity threats take many different forms from simple spyware downloads to sophisticated ransomware attacks. Your business can be exposed to a wide variety of different vectors: through peripherals; USB devices; networks; attachments; etc. Security best practice recommends a layered defence strategy to protect users against web threats and malware.

- 9 out of 10 cyber-attacks are delivered via email, so it's essential to have the best email filtering in place to protect your systems. For a few dollars per staff member per month, you can have the peace of mind of MailGuard's comprehensive cloud-based email and web filtering. You’ll significantly reduce the risk of zero-day (previously unknown) threats and stop new variants of malicious email from entering your network.

- Keep up to date on the latest scams by subscribing to MailGuard’s weekly update or follow us on social media. If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email expert@mailguard.com.au