Netflix subscribers in Australia are being warned of an email scam that leads to a highly sophisticated website – able to change as a victim types in their login information. Users are being asked to delete fishy emails from their inboxes right away.
The phishing scheme was discovered by the Australian Communications & Media Authority (ACMA) last week, urging them to report about the issue while also identifying the malicious email’s subject heading – Netflix Membership on Hold.
The Netflix scheme brings users to an imitation Netflix login page that looks and feels like the legitimate one – even mimicking movie posters/thumbnails in the background.
ACMA’s cybersecurity manager, Bruce Matthews, said that the scammers are becoming more sophisticated and their phishing websites “very much replicate your experience when using the real website.”
As a user logs in the fake Netflix website, their login credentials are matched with their real names from the legitimate Netflix site. As the user continues on, a verification form shows up with their full name already in place – leading the user to think that this is authentic.
Scammers are becoming more sophisticated, their websites replicating your experience when using the real website.
The user is also asked for other information such as their address, birthday, contact number, and of course, their credit card information. From here, the Netflix scam site shifts dynamically.
It will link the credit card information to the respective bank, asking for additional verification by using “Verify with Visa” or “MasterCard SecureCode” boxes to further trick the user.
According to Matthews, “If a particular bank asks for additional security information, it will determine that based on your credit card details and the form will change – it’s a very clever website.”
“Smart phishing” was coined by Internet security experts to describe scams are able to change based on the circumstance, even being able to point out incorrect information credit card numbers entered inaccurately.
While the coding of the fake Netflix website shows that the scammers are focusing on Australian subscribers, this can certainly be modified to target other countries. Matthews added that scammers seem to follow the money trail, assessing how successful their campaigns are in various locations.
Matthews also recommended that users should be wary of the URL or link of the website they are accessing, but this was becoming more difficult since mobile phones and devices are being used to go on the Internet or to check emails.
The official Netflix website users can safeguard themselves by using unique passwords; changing it periodically; being more wary of possible scams; reporting any suspicious activities; and regularly signing out of their devices – specially unused ones.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.