Posted on July 30, 2020 at 5:00 PM

Hackers Steal from Netflix Users through Phishing Email Scam

The COVID-19 pandemic has led to the closure of all socializing places such as multiplexes, theatres, and theme parks to reduce the spread of the pandemic. With no option than to stay at home, many people have resorted to getting entertained in-house. They have flocked to sites like SonyLiv, Netflix, and Amazon Video Prime to get such entertainment.

As a result, hackers using various techniques have been drawn to prey on naïve users and steal their financial details via these multimedia streaming apps

The cybersecurity team at Armorblox has also discovered operations from a group of bad actors who are phishing on Netflix subscribers to siphon off their funds.

A striking resemblance with genuine Netflix webpage

The Netflix scam hackers developed a website that has a close resemblance to the original Netflix website to deceive people.

The message has a subject line that reads ‘Notice of verification failure’

But on a closer look, the website’s URL shows clearly that it’s a bogus page. Some users who are watchful enough may see this, but naïve users may not see that the design is a fake one. These are the users the hackers have been able to deceive into making a fake subscription to prevent getting their accounts blocked

The fake webpage has an identical resemblance to the graphics of the main Netflix home screen. It also requests the users to type in their user ID and passwords

Afterward, it asks the user to type in the details of their credit cards to complete the payment.

A recent report reveals that more than 100 million Netflix subscribers were targeted via the email scam. The report also reveals that the perpetrators also stole users’ credit card details to a certain level.

An email security firm, Malguard, alerted the online streaming company about the breach as soon as it was discovered. In response, Netflix said it has started contacting its users and subscribers who are affected by the breach.

The actors send bogus email to Netflix customers, informing them that their account is suspended until the present their financial details such as their names, payment details, address, and date of birth.

The fake Netflix email also has a link that will take the users to a bogus “House of Card” webpage. The page contains information asking the users to fill details such as full name, payment details, address, date of birth, and full name.

One the user sends the payment and it is received, the webpage sends a popup informing the user that payment has been received and subscription will be resumed shortly.

Netflix says only a few customers lost money

One of the reasons why the actors are successful is because the fake email looks real and convincing enough since it has Netflix’s logo,
As a result, the actors have been able to receive more than 7 million customers. But it’s not clear how many customers have sent money to the address.

Mailguard security experts revealed that over 49,000 customers were affected by the ongoing email scam by the actors. But Netflix revealed that only a few percentages were victims and lost money in the scam.

Cybersecurity experts have also offered advice by providing steps to protect themselves and prevent such scams.

They should hover their mouse over the link and verify the name of the domain name the URL is pointing.

They should also install current email filtering and security software on their device. The software will monitor and block any dubious-looking email.

The researchers also advised that users should hide their friend’s list on Facebook to prevent users from scooping on it to send messages. Users also need to turn off location service and be mindful of the security levels of apps.