A convincing new email phishing scam currently circulating is designed to steal credit card details, according to researchers from Malwarebytes. It is landing in inboxes alongside the warning: "Your Netflix Membership is on hold."
Of course, your membership and account are probably just fine. But the cyber-crooks responsible, who remain unidentified, will try to make victims believe otherwise with the use of alarming language and threats of account suspension if the they fail to respond to the email. While there are small signs something is amiss, Malwarebytes' lead intelligence analyst Christopher Boyd said this week the operation appears to be "fairly sophisticated."
The email makes use of an Https security certificate from Let's Encrypt—which can seem like a sign of trustworthiness to the untrained eye—and a website that mirrors the legitimate Netflix login screen. It has the correct branding and is signed as "Netflix Support Team." The scam message claims that payment information linked to the account needs to be verified, and that failing to do so will result in a suspension of the victim's Netflix membership.
"This process will only take a couple of minutes and will allow us to maintain our high standard of account security," it adds. Any unwitting user who clicks though will be brought to a website with Netflix branding that asks for their name, address, phone number, date of birth and full credit card details. Then, it redirects to a splash page claiming the process was successful.
"Your account has been updated," the fake site tells the user, who will be unaware their data has been hijacked. "Thank you for updating and confirming your account information. You may now continue to login and use your account as normal without further interruptions."
Cheekily, clicking a link on that page will bring them to the real Netflix website. The only indication something was wrong was a mistake in the small print: the word uniterrupted. "Apart from the clunky typo…this is a fairly convincing email scam, combining someone who knows how to make an email not look terrible with the imminent threat of losing access," Boyd wrote. "Having said that, you'll notice the mail system above flagged it as suspicious.
"This isn't the case for all email clients, however, and one shouldn't assume nothing slips through the cracks," the researcher continued. "Phishing emails won't be going away anytime soon, and the people behind them keep striving to make their fake-outs ever more believable. It's up to us to do what we can and consign their sneaky missives to the recycle bin."
The Netflix brand, like every technology firm with a large userbase, is frequently abused in cybercrime and phishing schemes. "Phishers will go to great lengths to try to take over your account or steal your personal information," Netflix says on its website. "They may create fake websites that look like Netflix or send emails that imitate us and ask you for personal information. Netflix will never ask for any personal information to be sent to us over email."
That includes card numbers, social security numbers and passwords. "Netflix may email you to update this information with a link to our website, but be cautious of fake emails that may link to phishing websites," it adds. "If you're unsure about a link in an email, you can always hover your cursor over the link to see the linked URL at the bottom of most browsers."
