Netflix phishing attack targets users with ‘legitimate’ links

An effective phishing campaign that targets Netflix users has been uncovered by Armorblox researchers. In a blog post, Chetan Anand, co-founder and architect at Armorblox, describes the Netflix phishing attacks as multi-pronged. The attack begins with emails that claim to be from Netflix support.

These emails warn users that their account will be deleted unless they respond within 24 hours. The reason given is a failure to receive payment for services rendered. Ordinarily, these sorts of emails are stopped by anti-phishing filters. However, Armorblox found that the links in the email appear legitimate, which confuses anti-phishing filters like Office 365 Exchange Protection.

The links in question redirect to a legitimate domain (including wyominghealthfairs[.]com) that hosts a functioning CAPTCHA. Once the CAPTCHA is completed, users are redirected again to a very convincing copy of a Netflix page that is also hosted on a legitimate domain (axxisgeo[.]com). All of this makes the Netflix phishing attack dangerously effective.

Now, it goes without saying that any aware user would notice the URL bar not saying it belongs to Netflix. Unfortunately, many individuals are not as knowledgeable as they should be, especially if they were already fooled by the initial email and CAPTCHA link.

On the spoofed Netflix page, according to Armorblox’s post, the following occurs if users have been hooked by the phishing scheme:

Once targets fill in their login details, the phishing flow continues with screens asking targets to update their billing information and credit card information respectively. These next few screens look a lot like something you’d see on legitimate streaming websites; this superficial legitimacy enables attackers to harvest their targets’ billing addresses and credit card information in addition to their Netflix account details... Once the targets have filled in all their information, the phishing flow ends with a message of “success” and an automatic redirection to the real Netflix homepage.

The only lesson that can be learned from this Netflix phishing campaign is always to be aware of fraudulent emails. Do not assume your spam filter will take care of every phishing email. Double-check every address to every domain you are linked to, and of course, do not be quick to volunteer your personal data to any website.
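The mismatch this campaign depends on, a message that claims to be Netflix while its links point somewhere else, can be checked mechanically without relying on the reputation of the linked domain. The Python below is an added example, not code from Armorblox's post or this article; the brand allowlist, the function names and the sample message (which uses placeholder `.example` hosts rather than the campaign's domains) are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the claimed brand legitimately links to.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}

class LinkCollector(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def brand_mismatches(raw_email):
    """Return (brand, host) pairs where mail claiming a brand links elsewhere."""
    msg = message_from_string(raw_email)
    display, _ = parseaddr(msg.get("From", ""))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    collector = LinkCollector()
    for part in msg.walk():  # handles single-part and multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return [(brand, host)
            for brand, domains in BRAND_DOMAINS.items() if brand in claimed
            for host in collector.hosts
            if not any(under(host, d) for d in domains)]

# Constructed sample message; hosts are placeholders, not the campaign's domains.
SAMPLE = """From: Netflix Support <billing@mail-notice.example>
Subject: Payment failed - respond within 24 hours
Content-Type: text/html; charset=utf-8

<p>We could not process your payment.</p>
<a href="https://health-fair.example/verify?id=1">Update payment</a>
<a href="https://help.netflix.com/">Help Center</a>
"""

if __name__ == "__main__":
    print(brand_mismatches(SAMPLE))
```

The check only sees the first hop in the email; the second redirect described above happens after the CAPTCHA and is not visible to static inspection of the message.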


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
