Researchers from the SANS Technology Institute are warning users to be on the lookout for fake Netflix phishing email messages. They report seeing an increase in these scams where users phish for the users’ Netflix login credentials. While they are not particularly valuable on the dark web, it can allow the thieves to use the stolen credentials and stream content, potentially for a long time before the owners even realize what is happening.
The criminals are creating realistic-looking Netflix websites, even using authentic security certificates. The emails, which are considered the weakest part of the entire scam by the researchers, have a link included that takes users to these registered sites. Then they will log in to what they think are their accounts, not realizing they are giving them up to the thieves.
Netflix and security professionals everywhere warn against clicking links sent in email messages. This particular one is very poorly done, with lots of errors making them easy to detect. Official email messages should be professionally worded, not have a lot of grammatical errors, and look like they actually come from a business. This one apparently does not make it easy to spot.
Using secured certificates for phishing is on the rise. According to Zscaler, it increased by 400% between 2016 and 2017. Users are told to look for the secure site clues, such as the “https” preceding the website address or the lock icon on the page. But these criminals are actually purchasing and implementing these features, creating situations that are difficult to detect and avoid. It’s up to the recipients to use their anti-phishing skills to figure out what is happening. It isn’t impossible, but does require attention.
If you get an email that says you need to confirm your account details or that your account is about to be closed, log into it directly through the website using a previously saved link. Check the information that way. Just don’t click links. You’ll be better off that way and keep your Netflix account viewing choices your own.