This Netflix-flavoured phishing attack targets your business emails

Attackers take advantage of people using corporate email addresses for consumer services.
Written by Danny Palmer, Senior Writer


A phishing campaign which sees cybercriminals send messages claiming to be from Netflix is targeting business email accounts in an attack which, if successful, could provide hackers with the login credentials required to access corporate services.

While this might seem like a fruitless endeavour at first -- watching TV shows and films isn't exactly a corporate activity -- there's a significant number of people who use their business email addresses to sign up for the consumer services which they use in their free time.

The campaign aims to trick people into giving up login information and credit card details. The idea is that if the attackers can trick a victim into handing over their login details, they're able to snoop around the corporate network and potentially steal data from any services not locked down with two-factor authentication.

There's also the prospect of the attackers cross-referencing a successfully phished corporate account with personal emails and, if the same password is shared across multiple accounts, breaking into those too.

Uncovered by researchers at PhishMe, the emails claim to be from Netflix support. The message doesn't refer to the target by name, but just as 'Valued Customer' -- indicating this is a mass mail attack rather than any sort of targeted campaign -- and asks them to click through to a link to update their account details.


Netflix phishing email

Image: PhishMe

If the victim clicks through, they're presented with a fake version of the Netflix login page which appears to have simply copied assets from the real thing. This fake login page asks for an email address and password just as the regular Netflix page would, but if they're entered here, those credentials are passed into the hands of the attackers.
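As an added illustration of how a mail filter or SOC analyst could flag the lure described above (example code written for this article, not PhishMe's or Netflix's tooling; the sample message, sender domain and link host are constructed), the checks below look for the indicators the researchers describe: a sender posing as Netflix from a non-Netflix domain, the generic 'Valued Customer' greeting, an 'update your account details' pretext, and a link that leaves netflix.com.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample in the style of the lure described above (not the real message).
SAMPLE_EMAIL = """From: Netflix Support <support@example-mailer.invalid>
To: jane.doe@corp.example
Subject: Update your account details
Content-Type: text/plain

Dear Valued Customer,

We could not validate your billing information. Please update your account details:
http://netflix-account-update.invalid/login
"""

LEGIT_NETFLIX_HOSTS = {"netflix.com", "www.netflix.com"}
GENERIC_SALUTATIONS = ("dear valued customer", "dear customer", "dear user")
URL_RE = re.compile(r"https?://[^\s<>\"']+")
LURE_RE = re.compile(r"update (your )?(account|payment|billing)", re.I)


def _is_netflix_host(host: str) -> bool:
    host = (host or "").lower()
    return host in LEGIT_NETFLIX_HOSTS or host.endswith(".netflix.com")


def phishing_indicators(raw: str) -> list[str]:
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = msg.get("From", "")
    body = msg.get_payload() if not msg.is_multipart() else "".join(
        p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    hits = []
    # 1. Display name claims Netflix, but the sending domain is not Netflix's.
    domain = re.search(r"@([\w.-]+)", sender)
    if "netflix" in sender.lower() and domain and not _is_netflix_host(domain.group(1)):
        hits.append("brand-impersonating sender")
    # 2. Generic greeting: mass mail, not a message to a known account holder.
    if any(s in body.lower() for s in GENERIC_SALUTATIONS):
        hits.append("generic salutation")
    # 3. Any link that leaves the genuine netflix.com domain is a credential-harvest candidate.
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if not _is_netflix_host(host):
            hits.append(f"off-brand link: {host}")
    # 4. The "update your account details" pretext itself.
    if LURE_RE.search(body):
        hits.append("account-update lure")
    return hits
```

A genuine Netflix receipt addressed by name and linking only to netflix.com produces no indicators, so the function can be used to score inbound mail rather than block on the brand name alone.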

Stolen credentials can either be used by the attackers themselves, or sold to others to take advantage of.

Not content with stealing credentials, the attackers also direct the victim to a fake payment information page which says the user needs to update their details, including credit card number, security code, date of birth, zip code, and mother's maiden name. That amount of information can easily allow hackers to carry out identity theft and fraud.

Once the information is submitted, the user is provided with a link back to Netflix itself -- and may be left none the wiser that they've been scammed.


Netflix itself warns users to be 'cautious of fake emails that may be phishing emails', but more often than not, people will just click straight through to a link if it looks like a legitimate email from the company.

Those behind the business email scam appear to be adept at carrying out phishing campaigns. Researchers note that the email address associated with it has been recorded in five different phishing campaigns since June, targeting customers of Chase Bank, Comcast, Netflix, TD Bank, and Wells Fargo.

As a global platform with millions of paying subscribers, Netflix has long been a target for phishing scams, with the first known instance of such an attack against a user of the service occurring in 2012.
