Netflix customers are once again being targeted in a recent scam. The scammers are posing as an employee of the streaming website in an attempt to steal Netflix login credentials and payment card information. They will use the payment card details to make purchases themselves or sell the information on the Dark Web. What do they do with the login credentials? They try the login combination on other sites, hoping to get to your bank account or into some other site that has very sensitive information that they can also steal and sell.
Researchers at PhishMe discovered this most recent scam. Emails purport to be from the Netflix support team asking users to update their accounts.
Any time you are asked to update account details, don’t click links in email messages. Instead, go directly into your account using a previously bookmarked link you are confident is safe. Otherwise, carefully type the website URL into the address bar. Do a quick check to make sure you see that “https://” before putting in any details. If all is clear, go ahead and login and change your account details that way. This goes for any site; not just Netflix.
The email is addressed as “Dear Valued Customer,” rather than personalized. This suggests it is a mass campaign and should certainly be considered suspect. There is a link in the message where you can click to “update” easily, but that link is malicious and will direct you to a fake webpage.
In this attack, the hackers hope you use the same login credentials on multiple sites. They will try to reuse the passwords in an attempt to get into your financial accounts or healthcare accounts, for example. That’s why you should always use unique passwords for each account you have.
A couple of months ago, another Netflix scam was going around asking users to update payment details to avoid having their accounts deactivated. If you see that one, the same advice applies.
© Copyright 2017 Stickley on Security