New research from Kaspersky has revealed a brand-new phishing scheme that zeros in on Netflix subscribers. The research is discussed in a blog post, written by Leonid Grustniy, for Kaspersky’s main website and was later referenced in a Threatpost article.
The social-engineering scheme relies primarily on phishing emails that pose as legitimate correspondence from Netflix. In many cases, the threat actors state that payment data is needed to continue service. They claim in these emails that they are “having some trouble with your current billing information” and “we’ll try again, but in the meantime, you may want to update your payment details.” This email, which looks like a real Netflix email apart from spelling errors, leads the victim to a convincing page that collects name, address, and payment information.
While this phishing method primarily targets existing Netflix users, Kaspersky researchers also found numerous fake pages that mimic the actual sign-up page for new users. These pages can be reached through various methods, but the common thread is that they are fake and exist only to steal data. A recommendation is to double-check the page and the link you are given to ensure you are on the actual website. There will be telltale signs of malicious intent, from incorrect URLs to spelling errors and out-of-date SSL certificates.
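The "incorrect URL" sign can be checked mechanically before a link is opened. The sketch below is an added example, not code from Kaspersky or the article; the trusted domain list, the finding names, and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

TRUSTED_DOMAINS = ("netflix.com",)  # assumption: the service's real domain
BRAND = "netflix"                   # brand string to look for in lookalike hosts

def is_trusted_host(host, trusted=TRUSTED_DOMAINS):
    """True only for the trusted domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def link_findings(url):
    """Return a list of warning signs for a link taken from an email."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        findings.append("not-https")
    # Text before '@' is userinfo, not the host, and can display a trusted name.
    if parts.username is not None:
        findings.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    # Punycode labels can render as characters that resemble the brand name.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    if not is_trusted_host(host):
        findings.append("untrusted-host")
        # A substring match is not ownership: the brand may sit in a subdomain.
        if BRAND in host:
            findings.append("brand-in-untrusted-host")
    return findings

# Constructed sample links (reserved .example names and a documentation IP).
SAMPLE_LINKS = [
    "https://www.netflix.com/YourAccount",
    "https://netflix.com.billing-update.example/login",
    "https://www.netflix.com@198.51.100.7/pay",
    "http://netflix.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", link_findings(link) or "no findings")
```

A clean result only means the hostname matches the expected domain; the certificate and the page content still need the checks described above.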
This is not just affecting Netflix. In the blog post, Grustniy notes that Kaspersky researchers found similar phishing schemes for other streaming sites. Most notable on the list was Amazon Prime, which makes sense as it has become a rather large streaming competitor in recent years. In all cases, the victims of this style of phishing will not only have their data stolen but will also see it sold on the Dark Web. It is commonplace for cybercriminals to sell off data that can be used for fraudulent purchases or identity theft.
In short, never assume any website is safe on the Internet.
Featured image: Flickr / Stock Catalog