Phishing scams are nothing new, with Netflix users having experienced plenty of attacks since the boom of the platform’s push into the digital market. It seems there is another one making the rounds, this time affecting both business and personal accounts.
The attack comes in the form of an official-looking email that poses as Netflix and asks the account holder to renew the account. It was discovered by phishing awareness outfit PhishMe, which has reported exactly how the email targets customers and what the potential damage could be.
The scam asks users to update their account details, stating “We Would like to inform you that you have to update your account details.” To complete its impersonation of Netflix, it continues, “Your membership will automatically continue as long as you choose to remain a member, we won’t charge you,” which implies that a customer who doesn’t act on the email might be charged in some way.
Netflix has never charged for the cancellation of accounts. Users can cancel their subscription at any point during the paid period, which runs until the date of the next renewal payment. You can similarly pick Netflix back up again by clicking subscribe on the official website.
According to PhishMe, these attacks typically target business users and those that hurry to fix the supposed problem stated in the email. “Typically, people at work try to handle a minor personal inconvenience as quickly as possible. So, the Netflix phish works to trick those busy people into giving up login information. The victim is already rushed; they may not have the time to keep track of dozens of passwords.”
And the damage doesn’t stop at credit or bank card details. “Now the attacker hopes that you reuse the same password for your personal email account or, if the attacker is very lucky, for your work email account,” added PhishMe. “In either case, they can now reset passwords for various other online services—banking, healthcare, social media—to pivot and carry their attack forward.”
There are ways to identify and prevent these emails, such as looking at the sender address and judging whether it plausibly belongs to the company the email claims to come from. In this case [email protected] is using an unfamiliar domain, whereas Netflix often uses its own @netflix.com. Additionally, when going to change details, do not do it from any hyperlink presented in an email. Always go into the account directly and change things from within the official site. As for preventative measures, users can implement two-factor authentication, which PhishMe suggests firms could enforce at the desk level, but unfortunately don’t as of yet.
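The two checks described above (sender domain and link destinations) can be automated for a mail filter or triage script. The following is an added example, not code from PhishMe or Netflix; the sample message, its address and its URLs are constructed placeholders, and `check_message` and `belongs_to` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = "netflix.com"  # domain the article says Netflix mail normally uses

# Constructed sample; the sender address and URLs are placeholders, not real indicators.
SAMPLE = """\
From: Netflix <billing@netflix.com.example.net>
To: user@example.org
Subject: Update your account details
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>We Would like to inform you that you have to update your account details.</p>
<a href="https://login.example.net/netflix.com/update">Update now</a>
<a href="https://www.netflix.com/help">Help</a>
"""

class _Links(HTMLParser):
    """Collects the hostname of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def belongs_to(host, domain):
    # Exact match or true subdomain; "netflix.com.example.net" must not pass.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected=EXPECTED):
    """Return (kind, value) findings for a sender or link outside `expected`."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender, expected):
        findings.append(("sender", sender))
    parser = _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    findings += [("link", h) for h in parser.hosts if not belongs_to(h, expected)]
    return findings
```

A clean result here is not proof of legitimacy, because the From header can be forged; SPF, DKIM and DMARC results are a separate check.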
KitGuru Says: Phishing emails are easy to prevent if you are technically inclined, but always seem to be effective against the general user or those in a hurry. Always take some time to check who is sending you what and why, not to mention taking the appropriate action to proceed with any account changes.