Daredevil hackers are targeting Netflix users with a new phishing attack that attempts to break bad with their credit card details. Security outfit FireEye discovers the scam, which targets binge watchers using an email asking them to update their Netflix membership details.
If users are fooled into clicking the malicious link within the email, they’ll find themselves directed to a legitimate looking Netflix login page. One signed in, they will be asked to enter further details such as their name, date of birth, billing address and payment card information, and then directed to the official Netflix website.
As pointed out by FireEye, the scam uses some clever techniques to evade phishing filters. The first is the AES encryption, which encodes the content presented at the client’s side, and host-based evasion to ensure the phishing pages are not displayed to users at certain IP addresses.
“The host name of organisations such as ‘phishtank’ and ‘google’ are blacklisted,” FireEye explains. “The host name of the client is compared against a list of blacklisted host names. If there is a match against the blacklist, a “404 Not Found” error page is presented.
The security firm goes on to note that the phishing campaigns it observed are no longer active, so it’s unlikely this scam will bring whole House of Cards down for the streaming giant. Stranger Things have happened, though.
Hackers used two methods, the first involving a malware that tricked people into believing they’ve downloaded official Netflix software. Clicking on the dodgy file downloads a trojan in the form of Infostealer. Banload, which is capable of lifting sensitive information including banking details.
The second method, like this latest scam, targets users via phishing campaigns that attempted to redirect people to a fake Netflix website.