Online scams are of recurring nature and more often than not, they tend to affect many. As part of many phishing cases, a new Netflix phishing scam has surfaced that is stealing users' credit card details and more information. Read on to know how this phishing scam works and how you can remain safe from this.
Netflix phishing scam
As per Armorblox, due to a new Netflix credential phishing scam, some users have received emails regarding their billing failure issue. The email claimed to cancel the users' Netflix subscription in 24 hours, which caused many into tapping on the link to complete their payment details. This was the first step of the phishing attack wherein the hacker initiated the scam.
The main step began if a user clicked on the link provided in the email. Once the user clicked on the link, he or she were taken to a Netflix dupe website with a phishing flow. Users were asked to enter their Netflix login credentials, billing address, and credit card details. Once done, he or she were taken to the original Netflix website, thus, completing the phishing flow. This way the users unknowingly gave their card information and fell prey to the phishing scam.
A couple of things worth noting is the way the phishing setup was able to surpass the security controls. This is due to a couple of reasons. Firstly, before taking users to the fake Netflix website, the hackers redirected them the fully-functioning CAPTCHA page with true-looking Netflix page and the whole CAPTCHA process appeared authentic. Secondly, both the CAPTCHA page (Wyoming Health Fairs site) and the Netflix site (an oil and gas company in Texas) were hosted on legitimate domains, which helped the attacker surpass the security filters.
All this was topped with the authentic-looking Netflix website and well-done social engineering. Although, the fake website has extra options such as Need Help, Facebook login option, and more that isn't available on the original website.
If you ever come across an email like this, refrain from opening it or clicking on the link in it. It's best advised to head to the Netflix website and verify your payment and more details before falling for a trap like this.