Phishing Scam Targeting Netflix Customers-Reported as Truth!

Summary of eRumor:

Netflix customers are being targeted by a phishing scam in which victims receive an email appearing to be from Netflix that asks them to confirm membership info — which is then stolen by scammers.

The Truth:

Warnings about a phishing scam targeting Netflix customers’ personal information that began circulating in January 2017 appear to be credible.

The malware prevention and cybersecurity firm FireEye issued a warning on January 9, 2017, stating that its Email Threat Prevention (ETP) system had discovered a phishing scam targeting Netflix customers’ credit card data and personal information:

The attack seems to start with an email notification – sent by the attackers – that asks the user to update their Netflix membership details. The phishing link inside the email body directs recipients to a page that attempts to mimic a Netflix login page…

Upon submitting their credentials, victims are then directed to webpages requesting additional membership details (Figure 2) and payment information (Figure 3). These websites also attempt to mimic authentic Netflix webpages and appear legitimate. Once the user has entered their information, they are taken to the legitimate Netflix homepage.

As in most phishing scams, those who click on the link are directed to a login page that has been designed by the scammers to look exactly like the official Netflix login page:

A phishing scam targeting Netflix customers uses a login page that looks exactly like Netflix’s login.

After submitting login information, Netflix customers are then asked to confirm their billing address before being directed to another page to validate payment information:

A phishing scam targeting Netflix customers asks people to provide credit card data and Social Security numbers.

It’s important to remember that no credible company would ever ask you to provide your Social Security Number via a website or email — and you should never provide it.

Netflix has not responded to warnings about a phishing scam targeting Netflix customers, so it’s not clear how many people have been affected by it. The Aroostook County Sheriff’s Office posted a warning on Facebook that has been widely circulated, but again, the warning doesn’t cite any first-person accounts of the phishing scam targeting Netflix users. So, while FireEye’s credibility makes it clear that a phishing scam targeting Netflix customers exists, it’s not clear how many Netflix customers, if any at all, have been targeted by the scam.

A real example of the eRumor as it has appeared on the Internet:

Collected on: 01/16/2017
Warnings about a phishing scam targeting Netflix customers like this one have been circulating on social media.