Beware fake Netflix email trying to steal your credit card info

While Meltdown and KRACK make security headlines, Sophos warned that phising remains big business for cybercriminals.

Organisations that had their brands used in recent malicious campaigns include eBay, PayPal, Visa, and American Express, said Sophos.

“Protecting your brand against abuse by phishers is, sadly, as good as impossible, especially if your brand is well-known and widely advertised,” it said.

In a recent phishing campaign, Netflix had its brand hijacked – and Sophos highlighted what to look out for.

The fake email

The phishing email uses Netflix’s branding and similar language to what the company uses in it communications.

Attackers use the trick of changing characters in the branding and URL, in this case writing “Netflix” with the greek letter chi.

Netflix phishing email

Fake website with valid SSL certificate

The phishers also hacked a website with a valid SSL certificate and hosted their attack site there.

Netflix phishing site

Netflix phishing SSL cert

Fake 3DSecure page to reassure victim

Netflix phishing 3DSecure

Additional identity theft

Netflix phishing selfie

Redirect to real Netflix site

Netflix phishing redirect

Now read: Fastest ISPs for Netflix in South Africa

Latest news

Partner Content

Show comments


Share this article
Beware fake Netflix email trying to steal your credit card info