An effective phishing campaign that targets Netflix users has been uncovered by Armorblox researchers. In a blog post, Chetan Anand (co-founder and architect at Armorblox) describes the Netflix phishing attacks as multi-pronged. The attack begins with emails that claim to be from Netflix support.
These emails threaten that unless users respond within 24 hours, their account will be deleted. The stated reason is a failure to receive payment for services rendered. Ordinarily, emails of this sort are stopped by anti-phishing filters. However, Armorblox found that the links in the email appear legitimate, which confuses anti-phishing filters such as Office 365 Exchange Protection.
The links in question redirect to a legitimate domain (including wyominghealthfairs[.]com) that hosts a functioning CAPTCHA. Once the CAPTCHA is completed, users are redirected again to a very convincing copy of the Netflix page, also hosted on a legitimate domain (axxisgeo[.]com). All of this makes the Netflix phishing attack dangerously effective.
Now, it goes without saying that any security-aware user would notice that the URL bar does not show a Netflix domain. Unfortunately, many individuals are not as knowledgeable as they should be, especially if they have already been fooled by the initial email and the CAPTCHA link.
On the spoofed Netflix page, according to Armorblox’s post, the following occurs if users have been hooked by the phishing scheme:
Once targets fill in their login details, the phishing flow continues with screens asking targets to update their billing information and credit card information respectively. These next few screens look a lot like something you’d see on legitimate streaming websites; this superficial legitimacy enables attackers to harvest their targets’ billing addresses and credit card information in addition to their Netflix account details... Once the targets have filled in all their information, the phishing flow ends with a message of “success” and an automatic redirection to the real Netflix homepage.
The only lesson that can be learned from this Netflix phishing campaign is to always be alert to fraudulent emails. Do not assume your spam filter will catch every phishing email. Double-check the address of every domain you are linked to, and, of course, do not be quick to volunteer your personal data to any website.
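The two signals this campaign relied on, a brand-impersonating message with a payment deadline and links that lead to a domain the brand does not own, can be checked mechanically before a filter that only scores link reputation waves the mail through. The following added example (not Armorblox's or TechGenix's code) does that over two constructed messages; the Netflix domain allowlist and the sender addresses are assumptions for illustration.

```python
import re
from email import message_from_string

# Assumed allowlist of domains the brand actually uses for mail and links.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.I)
URGENCY_RE = re.compile(r"\b(?:within|in)\s+24\s+hours\b|account will be (?:deleted|suspended)", re.I)

def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); not Public Suffix List aware, adequate for .com."""
    labels = host.lower().split(":")[0].rstrip(".").split(".")
    return ".".join(labels[-2:])

def body_text(msg) -> str:
    """Concatenate every decoded text/* part so links inside HTML parts are seen too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def analyze(raw_email: str) -> dict:
    msg = message_from_string(raw_email)
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    brand = next((b for b in BRAND_DOMAINS if b in text.lower()), None)
    hosts = {registrable(h) for h in URL_RE.findall(text)}
    off_brand = sorted(h for h in hosts if brand and h not in BRAND_DOMAINS[brand])
    urgent = bool(URGENCY_RE.search(text))
    # A brand mention plus links that leave the brand's own domains is the core signal.
    return {"brand": brand, "off_brand_links": off_brand,
            "urgency": urgent, "suspicious": bool(off_brand)}

# Constructed sample messages; the lure domain is the one named in the report.
PHISH = """\
From: Netflix Support <support@example.invalid>
Subject: Action required: we could not process your payment
Content-Type: text/plain; charset=utf-8

We were unable to receive payment for your Netflix membership.
Please update your details within 24 hours or your account will be deleted.
Update now: https://wyominghealthfairs.com/verify
"""
LEGIT = """\
From: Netflix <info@netflix.com>
Subject: New on Netflix this week
Content-Type: text/plain; charset=utf-8

See what is new: https://www.netflix.com/browse
"""
```

`analyze(PHISH)` flags the lure because its only link resolves to wyominghealthfairs.com while the text names Netflix; `analyze(LEGIT)` stays clean because www.netflix.com collapses to an allowlisted domain.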
Featured image: TechGenix photo-illustration