Popular entertainment company Netflix has once again been spoofed by cybercriminals in a phishing email scam.
Titled “Reminder: update your payment details”, the email uses a display name of “Technical Support”. It purports to be a notification the “Netflix Team”, complete with the company’s logo & branding. However, the domain used in the email address provided in the “From:” field doesn’t belong to Netflix – a red flag pointing to its illegitimacy. The email actually originates from a compromised Amazon SES account.
It informs users of “some trouble” with their “current billing information”, asking them to update their payment details. A button is provided for them to do so.
Here’s what the email looks like:
Clicking on the button to “update account now” leads users to a phishing page on a compromised WordPress site. The phishing page had been taken down at the time of writing this blog. However, it is likely that the phishing page was designed to harvest users’ Netflix account information (including passwords), and potentially their credit card information as well.
Netflix is a popular and well trusted company, so their branding makes a good lure for cybercriminals looking to deceive people. With an immensely large customer database (almost 193 million subscribers worldwide), there’s a high likelihood that many of those that are receiving the email are subscribers, increasing the chances of this scam being successful.
Multiple techniques are employed in this scam to trick users. These include a subject line designed to evoke alarm and panic among recipients who, thinking there actually is a problem with their billing information, may be motivated to take action quickly without pausing to think of the email’s legitimacy. The use of a display name like "Technical Support" also implies the email is coming from a credible source, further convincing users that it is a genuine notification from Netflix.
Despite this, the email does contain several red flags that should alert users. For example, the recipient isn’t addressed directly in the email, and that it contains several spacing errors.
Phishing emails spoofing the popular entertainment company have been circulating for a while, like this one we intercepted in March, and one in December last year.
Last week, Australian consumer watchdog Scamwatch also published “fresh warnings of Netflix phishing scams” via a tweet advising users to be careful of emails asking you to click on a link to update your account.
Netflix states in its Help Center that it will “never ask you to enter your personal information in a text or email.” This includes:
- Credit or debit card numbers
- Bank account details
- Netflix passwords
“If the text or email links to a URL that you don't recognize, don't tap or click it. If you did already, do not enter any information on the website that opened,” the company states. For more details on what to do if you’ve received a suspicious email claiming to be from Netflix, visit the company’s Help Center.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.
