Netflix is great for providing so many hours of television and movies, making it the go-to entertainment option for many. But as enjoyable as it is, it can still provide some trouble. This is what the Amorblox site found out when it discovered a Netflix phishing scam that is stealing credit card information.
How the Netflix Phishing Scam Works
Before abandoning Netflix, it may be beneficial to find out how the scam works and how it was found, as perhaps you can changes things up a little to be sure it doesn’t happen to you so that you don’t have to abandon the streaming service.
Victims of the Netflix phishing scam were sent an email that looks like a Netflix billing failure. It tells them their subscription will be canceled unless they update their details within 24 hours. When they click a link in the email, it sends them to a CAPTCHA page that has the Netflix logo.
By solving the CAPTCHA, they’re sent to a site that looks like Netflix. Here they fill in login details, a billing address, and credit card details. They’re redirected to the real Netflix site so that they never suspect they have just been phished.
This was not initially targeted as a scam as it did five things to increase the chance of it being seen as legitimate.
- CAPTCHA redirect, which helps disguise the URL
- Pages are legitimate web domains, yet not connected to Netflix
- Victims taken to Netflix lookalike site then sent to real site
- Failure notice seemed authentic and required urgency
How the Attack Was Discovered
So the Netflix phishing scam attackers were doing it right, as they were getting away with this and stealing everyone’s credit card information. But what tipped off Amorblox?
The first tipoff was the language, intent, and tone in the email. Amorblox was trained on a lot of data and has been customized to all the customer environments. Once the Netflix email was analyzed, it saw that an unusual request was made. Additionally, the language model detected a sense of urgency, something that isn’t normally found in authentic emails from customer support.
There was also a low communication history between the victim and the sender of the email. Not that that’s indicative on its own of trouble, but when it is combined with the other warning signs, it’s still noteworthy.
While the attacker hadn’t communicated with the victim before, it also hadn’t visited the website domain where the victims were sent. It would stand to reason that someone who worked at Netflix would have been visiting the domain.
These warning signs, along with some other signals they saw, caused Amorblox to flag the email as a credential phishing threat.
Other than detecting the Netflix phishing scam, if you’d like to also avoid other credential phishing threats, just remember the warning signs here. Learn more ways to recognize a phishing site as well. Hopefully, you won’t ever fall victim.