A new phishing scam pretending to be from entertainment company Netflix has recently been making the rounds online.
According to a report by MailGuard, the email uses a template system to personalize messages. Each email is set to display the recipient’s name, which makes it look more legitimate.
Fake emails are personalized per recipient. | via MailGuard
The email in question contains an alert telling the recipient that their Netflix subscription has expired and that they have to “restart their membership” to be able to enjoy the service. If the link is clicked, a bogus Netflix page opens and asks the user to log in.
It will even require the user to enter personal details such as credit card details, driver’s license, mother’s maiden name, billing address, and so on. Obviously, once these are submitted, the credentials will be sent over to the cybercriminals, with the intent of using them for identity theft or other related activities in the future.
MailGuard explains the phishing process further:
The fake Netflix site this scam is using is built on a compromised WordPress blog. Scammers can break into WordPress sites by making use of vulnerabilities in blog plugins and once in, they can make the website look enough like a real Netflix login page to trick their victims.
Phishing is nothing new, yet it remains one of the most alarming things to look out for online. These emails can look very real and can easily trick those who are not aware of such scams. To lessen the chances of falling victim to such schemes, it always pays to double-check the sender of the email and the URLs that are being opened, as these usually indicate whether a message is indeed coming from a genuine source.
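
The sender and URL check described above can also be automated on the mail side. The following is an added example, not code from MailGuard or the original article; the sample message, the `.example` hostnames and the use of default WordPress directory names as a hint are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "netflix.com"  # domain the message claims to come from
# Assumption: default WordPress directory names hint at a hijacked blog.
WP_MARKERS = ("/wp-content/", "/wp-includes/", "/wp-admin/")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def review_message(from_header, html_body):
    """Return a list of human-readable findings for one message."""
    findings = []
    display, addr = parseaddr(from_header)
    sender_host = addr.rpartition("@")[2]
    if "netflix" in display.lower() and not belongs_to(sender_host, BRAND_DOMAIN):
        findings.append(f"sender: display name says Netflix, address is @{sender_host}")
    parser = LinkCollector()
    parser.feed(html_body)
    for url in parser.links:
        parts = urlsplit(url)
        if not belongs_to(parts.hostname, BRAND_DOMAIN):
            findings.append(f"link: {parts.hostname} is not {BRAND_DOMAIN}")
        if any(m in parts.path.lower() + "/" for m in WP_MARKERS):
            findings.append(f"link: WordPress path on {parts.hostname}")
    return findings

# Constructed sample message (not taken from the MailGuard report).
SAMPLE_FROM = '"Netflix" <billing@netflix-support.example>'
SAMPLE_HTML = ('<p>Hi Alex, your membership has expired.</p>'
               '<a href="https://blog.example/wp-content/netflix/login.php">Restart</a>'
               '<a href="https://www.netflix.com/help">Help</a>')

if __name__ == "__main__":
    for finding in review_message(SAMPLE_FROM, SAMPLE_HTML):
        print(finding)
```

The suffix comparison in `belongs_to` is what catches look-alike hosts such as `netflix.com.blog.example`, which a plain substring match would accept.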