New Netflix Phishing Scheme Uses Sophisticated Tactics to Steal Credentials

In January of this year, cybersecurity firm FireEye discovered a phishing campaign heavily targeting US-based Netflix users. It now appears that this campaign has resurfaced, using a more sophisticated approach to steal Netflix login credentials.

The phishing emails targeting Netflix customers contain no obvious spelling or grammatical errors and employ Netflix-style templates, even addressing targets by name in the body of the email. They entice recipients to click the embedded link by suggesting there are problems with their memberships, such as billing issues or account suspensions. If clicked, the embedded link leads victims to a convincing phishing page, designed with much of the same HTML code used on the legitimate Netflix website. The hackers behind this campaign use compromised websites, such as WordPress blogs, to host the Netflix phishing pages, helping them evade detection by security scanners.

Once login credentials are entered into the associated fields on the phishing sites, hackers can use them to gain access to the victim’s Netflix account as well as any other personal account that shares the same credentials. Netflix and other login credentials are often sold and traded on underground forums and the dark web to other malicious actors.

The NJCCIC recommends that users who have questions or concerns regarding their accounts log in to Netflix directly through the company’s legitimate URL and avoid accessing their accounts by clicking on links sent in emails, text messages, or through social media platforms.
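Because the emails copy Netflix's templates and the pages sit on otherwise legitimate sites, the destination host of each link is the most reliable signal left to check. The following is an added example, not code from the NJCCIC or FireEye: it flags links in an HTML email body that leave netflix.com and notes when the path falls inside a standard WordPress directory. The function names, the trusted-domain list and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIXES = ("netflix.com",)  # assumption: the only legitimate login domain
# Standard WordPress directories; a login page under one suggests a compromised blog.
WP_MARKERS = ("/wp-content/", "/wp-includes/", "/wp-admin/")


class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def is_trusted(host):
    # Exact match or true subdomain only, so "netflix.com.example.net" fails.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def flag_links(html_body):
    """Return one finding per web link that leaves the trusted Netflix domain."""
    collector = HrefCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower().rstrip(".")
        if parts.scheme not in ("http", "https") or is_trusted(host):
            continue
        reasons = ["host is not netflix.com"]
        if any(marker in parts.path.lower() for marker in WP_MARKERS):
            reasons.append("path is inside a WordPress directory")
        if "netflix" in (host + parts.path).lower():
            reasons.append("Netflix name used on a non-Netflix URL")
        findings.append({"host": host, "reasons": reasons})
    return findings


# Constructed sample email body (not taken from the campaign).
SAMPLE_EMAIL = """<p>Hi Jordan, there is a problem with your billing details.</p>
<a href="http://blog.example.org/wp-content/uploads/netflix/login.html">Update payment</a>
<a href="https://www.netflix.com/youraccount">Account settings</a>
<a href="https://netflix.com.example.net/login">Sign in</a>"""
```

Run `flag_links(SAMPLE_EMAIL)` to see the two non-Netflix links reported while the genuine account link passes.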