Scam of the Week: The Most Sophisticated Netflix Phishing

This Scam of the Week covers a phishing campaign that hijacked the Netflix brand. This phish tries to trick you into handing over your login details, your credit card data, and your photo ID.

Here is how the lure looks:

(Note the simple trick, right there in the subject line, of not spelling out the brand-theft text “Netflix” exactly: the crooks wrote the X as the Greek letter chi, so that Netflix came out as Netfli𝛘.)

Next, you wind up here and that’s where they steal your credentials. But wait, there’s more…

Next, they steal your credit card data:

And, trying to keep you on the hook, they throw in a Verified by VISA page:

And to add insult to injury, they also make you confirm your identity by taking a selfie holding your identity card.

Here are the things to think about before you click!

  • Never click on a login link or an account verification link in an email. If there is one, bail.
  • Check for the green HTTPS padlock. If there isn’t one, bail.
  • But if there is a padlock, check the name of the site. If it’s not exactly what you expect, bail.
  • Don’t ignore telltales such as spelling and grammar errors. If it looks wrong, bail.
  • Guard your ID closely. If you’re asked for a selfie or ID when it isn’t absolutely necessary, bail.
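
For mail filtering, the chi-for-X trick in the subject line can be caught by folding look-alike letters back to plain ASCII before comparing against brand names. The sketch below is an added example, not code from the original post; the `CONFUSABLES` table, the `WATCHED_BRANDS` set and the sample subject lines are constructed assumptions.

```python
import re
import unicodedata

# Illustrative look-alike table (assumption: a production filter would load
# the full Unicode confusables data instead of this short constructed list).
CONFUSABLES = {
    "\u03c7": "x",  # Greek small chi, the substitution used in this lure
    "\u0445": "x",  # Cyrillic small ha
    "\u0435": "e",  # Cyrillic small ie
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "\u03b9": "i",  # Greek small iota
}
WATCHED_BRANDS = {"netflix"}  # assumption: brands this filter protects


def skeleton(word: str) -> str:
    """Fold a word to a comparable form: NFKC, casefold, map look-alikes."""
    # NFKC turns styled letters (e.g. mathematical bold chi) into plain ones.
    folded = unicodedata.normalize("NFKC", word).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def spoofed_brands(subject: str) -> list[tuple[str, str]]:
    """Return (token, brand) for tokens that read as a brand but are not ASCII."""
    hits = []
    for token in re.findall(r"\w+", subject):
        if token.isascii():
            continue  # the real spelling, or an unrelated plain word
        brand = skeleton(token)
        if brand in WATCHED_BRANDS:
            hits.append((token, brand))
    return hits


if __name__ == "__main__":
    # Constructed sample subject lines, not taken from the real campaign.
    samples = [
        "Your Netfli\U0001D6D8 membership is on hold",
        "Your Netflix membership is on hold",
    ]
    for s in samples:
        print(repr(s), "->", spoofed_brands(s))
```

A legitimate subject line with the plain ASCII spelling produces no hit, so the check flags only tokens that imitate the brand with non-ASCII letters.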

Cyber-attacks are rapidly getting more sophisticated. GDR Group will help train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now and email [email protected] to request a quote for security awareness training for your organization.