The Netflix Phishing Scam is back with a vengeance.
During the month of December 2018, we observed a wave of phishing attacks against Netflix subscribers targeting their credential/credit card information. The situation was so bad that the FTC as well as authorities in Europe issued a warning. This weekend, another high volume campaign was observed by Blue Hexagon Labs.
Blue Hexagon network threat prevention solution immediately alerted on a new Netflix phishing campaign that started over the weekend.
The phishing campaign doesn’t contain any especially novel elements, but it executes the basics well enough that it’s very convincing.
Like so many phishing efforts, it starts with an email purporting to be something that it’s not. In this case, it is attempting to convince the subscriber that there is an update to the Netflix legal agreement that requires review and consent.
The main goal of the attack is similar to the previous attacks in gaining access to the user login credential as well as payment credit card information. Here is the snapshot of the fake login page that is used in the attack
As the campaign is still in progress, there are no official numbers on how many users have been impacted, but we urge users to be vigilant.