A fake email using the Netflix name was identified as a phishing scam a couple of weeks ago. Disclosed by the US Federal Trade Commission (FTC), the message looks extremely professional and asks the recipient to disclose personal data, including payment methods and their details. Users living in other countries where English is not the main language also received the message in their respective languages.
When the user clicks the link in the email, a phishing program or ransomware is installed on the user’s system, giving the cybercriminal(s) access to steal anything they choose. There is also the possibility that the person will be redirected to a fake page imitating the platform and unintentionally share personal data with the scammers, in addition to the Netflix login and password.
“The kind of phishing that involves disclosing a form of payment can have a double benefit for the cybercriminal, since he/she gets the Netflix account password (and resells it underground) and still gets the credit card number of the victim, and can clone it. Just like Netflix, Deezer and Spotify are among the online services where phishing attacks occur quite frequently, since these credentials can be resold underground,” Fabio Assolini, a senior security analyst at Kaspersky Lab, told a reputed media company.
The e-mail circulated by the United States was written in British English, which shows how wide the network of criminals behind the scam is. The email was also received by users living in countries where English is not the primary language. They received the message in their respective languages, with the same content.
According to Assolini, it is common for phishing scams to use the Netflix company name, and they can take different forms, such as account or card alert e-mails, account re-registration requests, false promotions, and more. The FTC requests that fake emails claiming to be from Netflix be forwarded to the company via firstname.lastname@example.org so that the company can investigate the scam.
How to protect yourself
In phishing scams such as this, cybercriminals create e-mails, messages or even fake websites posing as well-known companies in order to obtain private information from victims. In the US, a model that has been quite common is the false promotion shared over WhatsApp, which promises prizes if victims access a link. Often, the person is also encouraged to share the message with their contacts.
To avoid falling for this type of fraud, it is important to pay attention to the grammar, since these texts are usually poorly written and contain errors in the language in which the message is written. If the message is sent by email, it is essential to check the sender’s address and whether it offers other forms of contact for troubleshooting besides links.
It is also essential that the user does not download files or share personal information through the links provided. In the case of WhatsApp scams, users should be wary of promises too good to be true and requests to share content with others.