Netflix is the most recent victim of scammers using brand phishing tactics to obtain financial information from unaware users. Check Point Research reported on this concerning trend, pointing out that large corporations such as Microsoft, Google, LinkedIn, and Walmart have also fallen victim to such schemes.
HOW DOES THIS NETFLIX SCAM WORK?
Scammers launched a major phishing campaign against Netflix members in the first quarter of 2023, and it still continues, sending fake emails that appear to come from the streaming provider.
These emails were skillfully constructed to trick recipients into believing that their Netflix accounts had been suspended due to a failure to authorise payment for the upcoming subscription period.
The subject line said "Update required - account on hold," leading consumers to believe it was a message from Netflix.
THE DECEPTIVE LINK
Users were encouraged to renew their subscriptions by clicking on a link supplied in the fraudulent email or message. This link did not lead to Netflix's official website but to a forged website instead:
https://oinstitutoisis[.]com/update/login/
The fake website was intended to steal the payment information and other critical account details that customers entered on it.

IDENTIFYING THE SOURCE
According to the investigation, the scam email appeared to be from "Netflix," but it was actually sent from the webmail address support@bryanadamstribute[.]dk.
HOW ONLINE SCAMMERS DECEIVE USERS
Brand phishing is a typical approach used by fraudsters to deceive users in online scams. They develop fraudulent websites that seem just like the official websites of well-known firms, using similar domain names and web page designs.
These bogus websites are then shared by email, SMS messages, and even mobile apps. Scammers can steal credentials, financial information, and other sensitive data when users unintentionally navigate to these sites and provide their personal information.
HOW TO AVOID THESE ONLINE SCAMS
To avoid becoming a victim of an online scam, users should exercise caution and adhere to the following guidelines:
1. Be Cautious of Emails: Be careful of emails alleging account suspensions or requiring immediate action. Visit the official website or contact customer service through reliable channels to confirm such information.
2. Verify with Official Sources: When in doubt, check the legitimacy of emails, phone calls, or text messages with official sources or applications linked with the service in question.

In the above screenshot of a message that appears to be sent by Netflix, the scam can be clearly identified from the fact that genuine Netflix email addresses always end in netflix.com or netflix.in, as in abc@netflix.com or xyz@netflix.in. The sender address here does not, which calls the legitimacy of the received message into question.
3. Avoid Unverified Links: Avoid clicking on links in questionable emails or messages, particularly those that redirect to external websites. Instead, manually enter the website address into your browser to make sure you're on the official site.
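The sender and link checks described above can be automated. The following is an added example, not code from Check Point Research or Netflix: it flags a message whose display name claims Netflix while the sender domain or a linked host is not one of the domains the article names. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "netflix"
# Sender domains the article gives for genuine Netflix mail.
OFFICIAL_DOMAINS = {"netflix.com", "netflix.in"}

# Constructed sample modelled on the campaign described above. Indicators stay
# defanged ("[.]") as on the page and are refanged only in memory for parsing.
SAMPLE = """\
From: Netflix <support@bryanadamstribute[.]dk>
To: member@example.com
Subject: Update required - account on hold

Your account is on hold. Update your payment details:
https://oinstitutoisis[.]com/update/login/
"""

def is_official(host):
    """True for an official domain or one of its subdomains, not lookalikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def check_message(raw):
    """Return (kind, defanged_host) findings for mail that claims the brand."""
    msg = message_from_string(raw.replace("[.]", "."))
    display, addr = parseaddr(msg.get("From", ""))
    if BRAND not in display.lower():
        return []  # message does not claim to be from the brand
    findings = []
    sender_domain = addr.rpartition("@")[2]
    if not is_official(sender_domain):
        findings.append(("sender-domain", sender_domain))
    # Assumption: text parts are not base64/quoted-printable encoded.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname
        if not is_official(host):
            findings.append(("link-host", host or "?"))
    return [(kind, host.replace(".", "[.]")) for kind, host in findings]

if __name__ == "__main__":
    for kind, host in check_message(SAMPLE):
        print(f"{kind}: {host} is not an official {BRAND} domain")
```

The suffix match in is_official accepts subdomains such as help.netflix.in but rejects lookalikes such as netflix.com.example.org, which a plain substring test would let through.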
