It's a scary digital world out there. Hackers are constantly trying to find loopholes and vulnerabilities that can be exploited to their advantage. 2017 has witnessed some of the biggest cyber-attacks, including WannaCry, Petya, Adylkuzz and others, but there is no end to the risks of the online world.
Now, Netflix users have been targeted in what appears to be a very convincing scam to steal their banking credentials. Email filtering, anti-spam, and anti-virus company MailGuard discovered the new threat that is being circulated by the means of email. Even though MailGuard users are free from the risk of being duped by this new scam, others are at a high risk.
Scammers are circulating emails notifying Netflix users that their membership to the online-streaming service has been suspended due to invalid billing information. A sample of the scam email shared by MailGuard is dangerously convincing, and it can easily fool anyone since it shows the name of the intended victim, which personalises the scam.
The email also has a link integrated within the email with an option to restart membership, which is a natural next step for those who find out their Netflix subscription is due to be suspended. But the real risk is when the recipient clicks on that link to update the right information.
When a user clicks on the link in the email, they'll be redirected to a webpage that looks exactly like an official Netflix page with an option to sign in. Once signed in, it will redirect victims to a screen where they'll be asked for their personal information such as credit card details.
In order to identify the fake site, users can look at the web address on the top URL.
"The fake Netflix site is built on a compromised Wordpress blog. Scammers can break into Wordpress sites by making use of vulnerabilities in blog plugins and once in, they can make the website look enough like a real Netflix login page to trick their victims - as shown in the screenshot above," MailGuard noted in its findings of the new scam.
But if you fall right into the scammer's trap, you're not only at the risk of compromising your banking credentials, including your credit card, but also at a higher risk of identity theft. The fake Netflix information page also asks users to update their driver's license, billing address, mother's maiden name and other details.
What you need to do?
First of all, do not hastily act upon any email you receive from Netflix. It's best to go to Netflix official website and verify your account status instead of following any link in the email. It's one extra step, but trust us, it is worth the effort.
Recipients of such a scam can hover the mouse over links within the email. If the link seems suspicious, it's best to stay clear. DO NOT CLICK ON SUSPECTING LINKS IN EMAILS.
Always verify the sender. No matter how legit the content of the email appears, question the authenticity of the sender ALWAYS.
Always verify that your websites are HTTPS-enabled. Finally, since this is a scam targeted towards Netflix users, follow THIS LINK for the authentic website (we can vouch for it).