Netflix is undoubtedly the pioneer in online video streaming services and has millions of members worldwide – which might explain why it has recently piqued the interest of online criminals. In a recent cyber attack, Netflix subscribers were targeted by suspicious emails aimed at accessing their banking data.
Scam Email Targets Millions of Netflix Users
If you are not a fan of Stranger Things or House of Cards, then you are among the precious few who have yet to catch up with the frenzy of Netflix “binge watching”. In fact, the streaming service provider’s content has been so popular that the company managed to land more than five million new subscribers in the third quarter of 2017, raising the total number of its members to almost 110 million. It is no wonder then that these customers have been targeted by an email sent out in bulk, asking them to re-enter their billing information on the site – including their payment method credentials – in order to continue enjoying the service.
The email alleged a processing error and mirrored the Netflix layout in extreme detail (including copyright dates), in an effort to get unsuspecting subscribers to fall for the trap – and many did. It urged victims to send back their account data either by responding to the email or by logging onto Netflix. Those who clicked on the malicious link contained in the email were taken to a fake Netflix website that looked just like the real thing, down to images of Netflix original shows like The Crown. There they were asked to log in and update their account details, including credit card numbers and security codes, in order to prevent a suspension of their subscription. The emails even addressed the victims with personalised information, in order to convince them of their authenticity.
Users Tricked into Visiting Phishing Link and Sharing Financially Sensitive Information
Although many fell victim to the scam, eager to protect their account from being suspended, this was just a textbook case of a phishing attack – tremendously well-designed and executed. Phishing refers to a specific type of social engineering attack where a criminal takes on the role of a trusted party in order to dupe the victim into opening an email, instant message, or text message. These messages contain a malicious link that the hacker tricks the recipient into visiting. Following it can lead to the installation of malware or enable the cybercriminal to access and steal sensitive user data such as login and banking credentials.
The streaming service itself has provided resources on what to do when you receive a suspicious email or text message. Even if an email seems legitimate, users are prompted to always log into Netflix by typing the URL into their browser instead of clicking on links contained in such messages. Customers are also advised to never open any attachments they receive unexpectedly and to forward any messages they suspect are phishing attempts to Netflix, so that the company can investigate.
It seems that similar scam emails were sent out in January 2017, and the latest big wave was last November. The hackers seem to be making the rounds every few months, so beware and spread the word to fellow online streaming enthusiasts.