Netflix users in Australia are being warned about an ongoing phishing campaign that attempts to steal their personal and financial information through a fake billing reminder. The researchers noted that users must immediately delete suspicious emails from entities masquerading as Netflix and avoid clicking any links in them.
Based on the investigation, the subject of the fake Netflix emails is ‘Last Reminder,’ and the message notifies users about a purported billing reminder they need to act upon in the next 48 hours. The email also states that if the user does not take action, their Netflix membership will be suspended.
At the end of the email is a button labelled ‘Verify Now,’ which users are instructed to click. It redirects them to another page, likely the phishing site the threat actors set up to collect users’ data.
This Netflix phishing campaign relies on urgency to push users into acting quickly.
Since the campaign sets a deadline for users to “verify” their account membership within 48 hours, the researchers believe the deadline is a tactic to pressure victims into acting quickly and handing over their data for the threat actors to steal.
Moreover, the phishing site where users land looks identical to the real Netflix login page, although the movie titles in the background are written in French instead of English. Furthermore, if the user checks the page URL, it reads ‘myaccount-netflix,’ which is suspiciously unrelated to the popular video streaming platform.
Users are asked for their email addresses, phone numbers, and Netflix account passwords. Meanwhile, the next page will ask for their credit card data, including their full names, card numbers, expiration dates, and CVVs.
Further sensitive details are also required from the users, such as their residential addresses and ZIP codes.
At the end of the process, users are finally required to provide an OTP sent to their mobile numbers to verify the transaction. At this point, if the user has provided all the requested data, they have likely been victimised already, losing their data to the hackers, including their financial information, which could lead to monetary loss.
Users must remember that legitimate services, such as Netflix, will never ask for people’s data through text messages or email, especially their banking information. If they receive suspicious messages, it is highly advised to delete them or report them to authorities to be investigated.
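The indicators described in this report (the pressure wording of the email and a link host that contains the brand name without belonging to it) can be checked automatically during mail triage. The following is an added example, not code from the researchers; it assumes `netflix.com` is the only official domain, and the `.example` suffix and the names `classify_link` and `triage` are placeholders chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: netflix.com is the only domain treated as official in this sketch.
OFFICIAL_DOMAINS = {"netflix.com"}
BRAND = "netflix"
# Pressure phrases taken from the lure described in the article.
URGENCY = re.compile(r"last reminder|next \d+ hours|suspended|verify now", re.I)

def classify_link(url):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for one URL."""
    try:
        # .hostname drops any user@ prefix and port, so "netflix.com@..." cannot fool it.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Match whole labels: exact domain or a true subdomain, never a bare suffix.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand name anywhere else in the host (hyphens and dots ignored) is a lookalike.
    if BRAND in host.replace("-", "").replace(".", ""):
        return "lookalike"
    return "unrelated"

def triage(subject, body, links):
    """Collect phishing indicators from one message as (kind, detail) tuples."""
    findings = []
    phrases = sorted({m.lower() for m in URGENCY.findall(subject + "\n" + body)})
    if phrases:
        findings.append(("urgency", phrases))
    for url in links:
        if classify_link(url) == "lookalike":
            findings.append(("lookalike_link", url))
    return findings

# Constructed sample modelled on the email described above; the ".example"
# suffix is a placeholder because the article gives only the host fragment.
SAMPLE_EMAIL = {
    "subject": "Last Reminder",
    "body": "Act on your billing in the next 48 hours or your membership "
            "will be suspended. Verify Now",
    "links": ["https://myaccount-netflix.example/login"],
}

if __name__ == "__main__":
    for kind, detail in triage(**SAMPLE_EMAIL):
        print(kind, detail)
```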