“Email message warning about 'payment delay' from streaming platform is being used to trick users into providing their payment details”
Netflix
A scam that has been around for a while now has a new twist. Cybercriminals are using Netflix to steal credit card details from subscribers. According to ESET, the campaign is being distributed via an email with the greece mobile database line “Notification Alert.”
In the body of the email, the message informs about an alleged debt accumulated in the victim's name, which may lead to the suspension of the service "if quick measures are not taken". The idea is to appeal to the immediacy of the action to deceive the user, who thinks that he will not have time to check the problem before resolving it.
ESET/Reproduction
Email from the fake campaign that uses Netflix's name to trick users. Image: ESET/Reproduction
However, some features give the scam away. The email address, although it includes the name of the company it claims to represent, has no relation to the brand name – it is just an account compromised to use the malicious spam service. ESET also highlights the URL behind the “UPDATE YOUR PAYMENT INFORMATION” button, which can be seen by placing the mouse pointer over the button, without clicking. The link also does not refer to an official website or one registered by the brand.
The combination of two languages (the text on the page is in English while the message was sent in Spanish) is more than just a warning for any user. The scam seeks to steal victims' financial data by asking them to provide the full numbers of the payment methods used or a new credit card.
If the victim follows the scam, after confirming their details they will be sent a message, also in English, indicating that the account has been reactivated. By clicking “Continue”, the user will be redirected to the official Netflix page, where they can “confirm” that their account is not blocked (which it never was, in fact).
According to ESET, detections of phishing attempts in Latin America during January and July of this year represent an increase of more than 600% compared to the same period in 2019. “As we always say, when there is the slightest doubt about the legitimacy of an email, we should never click on the link that accompanies a message that arrives unexpectedly,” explains Luis Lubeck, Information Security Specialist at ESET in Latin America.