Popular entertainment company Netflix has once again been embroiled in a phishing email scam.
Containing several red flags that point to their illegitimacy, the phishing emails sent supposedly by Netflix are a good reminder of the need to remain cyber vigilant when accessing the web.
MailGuard first detected these malicious emails infiltrating inboxes across Australia on Wednesday afternoon (AEST).
The emails use a display name of ‘Netflix’, although several special characters have been used to obfuscate it. The email actually comes from what appears to be a compromised email account.
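The display-name trick described above can be checked mechanically. The following is an added example, not MailGuard's detection logic: it folds a display name down to plain letters and flags a brand name that only appears after folding, or that is paired with a sender address outside the brand's own domains. The `BRAND_DOMAINS` allow-list, the `LOOKALIKES` table and the sample headers are assumptions constructed for illustration, since the alert does not say which special characters were used.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: map of protected brand -> domains it legitimately sends from.
BRAND_DOMAINS = {"netflix": ("netflix.com",)}

# Constructed table of common single-character look-alikes; extend as needed.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "!": "i", "|": "l"})


def skeleton(display_name):
    """Fold a display name to bare lowercase a-z so 'N.e.t.f.l.i.x' == 'netflix'."""
    text = unicodedata.normalize("NFKD", display_name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.lower().translate(LOOKALIKES)
    return "".join(ch for ch in text if "a" <= ch <= "z")


def check_from(from_value):
    """Return a list of flags for an already-decoded From header value."""
    name, addr = parseaddr(from_value)
    domain = addr.rpartition("@")[2].lower()
    folded = skeleton(name)
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in folded:
            continue
        # Brand only appears after folding: characters were inserted or swapped.
        if brand not in name.lower():
            flags.append("display-name-obfuscated")
        # Brand claimed, but the address is outside the brand's own domains.
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            flags.append("sender-domain-mismatch")
    return flags


# Constructed sample headers (not taken from the campaign described above).
SAMPLES = [
    '"N.e.t.f.l.i.x" <jane@compromised.example>',
    '"N\u00e9tfl\u00efx" <billing@compromised.example>',
    "Netflix <info@mailer.netflix.com>",
    "Jane Doe <jane@compromised.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no brand impersonation flags")
```

A substring match on the folded name will also flag legitimate third parties that mention the brand in their display name, so treat the flags as a scoring signal alongside SPF, DKIM and DMARC results rather than as a verdict.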
The body of the message advises the recipient that Netflix is supposedly facing “some trouble” with clients’ “billing information”. As such, recipients are directed to update their “MASTERCARD” payment details.
Here is a screenshot of the email:
Unsuspecting recipients who click on the ‘UPDATE ACCOUNT NOW’ button provided are led to a phishing page hosted on Blogspot. This page has been taken down and is no longer being displayed.
While this email incorporates the branding and logo of the company, it contains several red flags for anyone who is vigilant enough to spot fake email scams.
Firstly, there are several grammatical and spelling errors within the body, such as “Dears Customer”. Spacing errors are also present throughout the email, a trait that is unlikely to be present if the email were, in fact, sent from a well-established organisation such as Netflix.
This is not the first Netflix-based scam MailGuard has seen recently. Netflix is a popular and well-trusted company with an immensely large customer database, so their branding makes a good lure for cybercriminals looking to deceive people.
If you see an email from Netflix, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make people aware of the threat.
What to do if you receive such emails
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include.
- Are from businesses you’re not expecting to hear from.
- Ask you to download any files.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
Don’t get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we’re all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
Akankasha Dewan on 28 March 2019 15:17:20 AEDT