New Netflix Phishing Scheme Requests a “Selfie” Featuring Photo ID

A new phishing campaign targeting Netflix users emerged requesting recipients not only submit their account login credentials and payment card information, but also upload a picture of themselves holding a photo ID. They entice recipients into clicking on the link embedded in the email by stating that their accounts are “on hold” and that there are problems with their current billing information. If clicked, the link leads victims to a convincing phishing page, designed with much of the same HTML code used on the legitimate Netflix website. If the requested information is submitted, the hackers behind the campaign will likely use it to commit identity theft, financial fraud, and gain unauthorized access to the victims’ accounts. The NJCCIC recommends users that have questions or concerns regarding their accounts log into Netflix directly through the company’s legitimate URL and avoid accessing their accounts by clicking on links sent in emails, text messages, or through social media platforms.