Netflix has over 100 million users, which makes it a highly lucrative target for cybercriminals. Lately, a new phishing scam has been making the rounds on the Internet that aims to steal the login and credit card details of Netflix users.
In this phishing scam, cybercriminals send fake emails alerting users that their account has been suspended and that, to restore it, they need to click a link in the email and sign in with the information requested on the page.
The email comes with the subject “Your suspension notification”. Upon clicking the link, a targeted user is taken to a fake but authentic-looking Netflix login page asking them to sign in with their email and password.
Although security-aware users will mark the email as spam, unsuspecting users are the prime target of this scam, since the email has a professional look just like the official ones sent by Netflix. The login page also displays thumbnails of the Netflix shows The Crown and House of Cards to make it look legitimate.
Here is a screenshot of the phishing email that Netflix users have been receiving for a while. On the left is the phishing email sent by the cybercriminals, while on the right is the original email sent by Netflix. It is evident that the phishing email is well crafted and official-looking. The only difference is that Netflix never mentions the subscriber’s name in its emails.
The scam was discovered by MailGuard, which wrote in its blog post that the scam is being run on a compromised WordPress website. It should not come as a surprise, since WordPress is filled with zero-day security flaws and is often used by hackers to run highly sophisticated phishing and malware scams.
A search on who.is shows the compromised website is owned by “Ilitia Celia Ferrándiz” from Spain. However, it is unclear whether they are aware that their website has been compromised to target users of one of the world’s largest entertainment companies.
The good news is that Google Chrome has already marked the site as a “Deceptive site”, while Firefox and Safari users are still at risk.
If you have a Netflix account, you might be at risk of falling prey to this phishing scam. If you receive a suspicious email, contact Netflix through its website chat service, since the company provides on-the-spot support that has a promising track record.
Other users are also advised never to download or click on any file that comes from an unknown email address.