While most people around the world are now spending time at home watching Netflix, it seems the perfect time for attackers to phish. So, as expected, a new phishing campaign is in the wild. This time, the phishing attack aims at stealing users’ Netflix credentials.
New Netflix Phishing Attack Found
Researchers from Armorblox caught a new phishing campaign in the wild targeting Netflix users. Sharing the details in a post, they revealed that the attack aims at stealing Netflix credentials and other data.
In brief, this campaign also uses email as its delivery vector. The attack begins when the phishing email reaches a user’s inbox. It impersonates an email from Netflix, claiming there are problems with the user’s billing and payment details. To add a sense of urgency, it also warns the user that the subscription will end within 24 hours.
Clicking on the embedded phishing link then redirects the user to the phishing web page. At this stage, the victim may enter their details believing the page to be genuine, and all of that sensitive information goes straight to the attackers.
The phishing page then redirects the user to the genuine Netflix website. Hence, the victim would never know of the phishing attack unless otherwise affected.
Evading Detection Via CAPTCHA
The whole phishing strategy in this campaign resembles what most other campaigns implement. However, what helps it succeed is the use of a CAPTCHA.
After clicking on the phishing link embedded in the phishing email, the user first reaches a black and red themed web page with a CAPTCHA. This seemingly harmless step actually defeats the automated security checks that scan URLs for malicious content, since the scanner cannot get past the CAPTCHA to see the phishing page behind it. Hence, the phishing email easily reaches the users’ inbox.
Plus, the CAPTCHA also lends the email an air of legitimacy in the user’s eyes.
In addition, the attackers behind this campaign have made sure to host all of the phishing web pages on otherwise legitimate domains.
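As an added defender-side illustration (not code from the article or from Armorblox), the following Python heuristic shows how a URL scanner can escalate a CAPTCHA-gated landing page for manual or interactive review instead of treating it as harmless, and flag an off-brand page that asks for a password. The sample pages and domain names are constructed.

```python
import re
from urllib.parse import urlparse

# CSS class names used by common CAPTCHA widgets, plus the usual challenge prompt.
CAPTCHA_MARKERS = ("g-recaptcha", "h-captcha", "cf-turnstile", "not a robot")

def visible_text(html: str) -> str:
    """Crude tag stripper, enough to measure how much real content a page carries."""
    text = re.sub(r"<(script|style).*?</\1>", " ", html, flags=re.S | re.I)
    text = re.sub(r"<[^>]+>", " ", text)
    return re.sub(r"\s+", " ", text).strip()

def looks_captcha_gated(html: str, max_text_chars: int = 300) -> bool:
    """A page that is little more than a CAPTCHA widget: the scanner hit a gate, not the content."""
    has_widget = any(marker in html.lower() for marker in CAPTCHA_MARKERS)
    return has_widget and len(visible_text(html)) < max_text_chars

def has_password_field(html: str) -> bool:
    return re.search(r'<input[^>]+type\s*=\s*["\']?password', html, re.I) is not None

def classify_landing(url: str, html: str, claimed_brand_domain: str) -> str:
    """Verdict for a link in a mail that claims to come from `claimed_brand_domain`.

    Returns "clean", "captcha_gated_review", "offbrand_credential_form" or "no_finding".
    """
    host = (urlparse(url).hostname or "").lower()
    brand = claimed_brand_domain.lower()
    if host == brand or host.endswith("." + brand):
        return "clean"  # the link really goes to the brand the mail claims to be from
    if looks_captcha_gated(html):
        # Never report "nothing malicious found": the scanner was stopped before seeing anything.
        return "captcha_gated_review"
    if has_password_field(html):
        return "offbrand_credential_form"  # login form on a host that is not the brand's
    return "no_finding"

# Constructed sample pages (illustrative only, not artifacts from the campaign).
GATE_PAGE = """<html><body style="background:#000;color:#e50914">
<form action="/step2"><div class="g-recaptcha" data-sitekey="SITEKEY"></div>
<button>Verify</button></form></body></html>"""
LOGIN_PAGE = """<html><body><h1>Update your payment details</h1>
<form><input name="email"><input type="password" name="pw"></form></body></html>"""

if __name__ == "__main__":
    for page in (GATE_PAGE, LOGIN_PAGE):
        print(classify_landing("https://compromised-site.example/billing", page, "netflix.com"))
```

The brand-domain check is deliberately simple; a production scanner would compare registrable domains (eTLD+1) and feed the "review" verdicts to a sandbox that can solve the challenge interactively.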
Once again, this phishing attack and others like it may target any internet user at any time, so the only way for users to stay safe is to be very careful when dealing with such emails.
The best strategy is to never click on links embedded in emails. Even if an email is genuine, it is better to manually type the service’s URL into a new browser tab and check whether your account shows any alert matching the email you just received. Or, get in touch with the service’s customer support to verify the legitimacy of any alert you don’t recognize.
Let us know your thoughts in the comments.