ESET's research laboratory warns of a new fraudulent email campaign that uses Netflix branding to steal access credentials.
Netflix users are being targeted by a dangerous phishing campaign that circulates by email and is designed to steal access credentials and the banking data associated with the account.
The ESET Latin America Laboratory identified an email stating that suspicious activity had occurred and that the recipient had to verify their login information.
An unsuspecting user could assume that the message really comes from the series and movie provider and click the UPDATE link to avoid losing access to the service. The web address that this link leads to does not correspond to any official Netflix service address, nor is it visible in the link itself.
Following the link leads to a domain made to look related to Netflix, where it can be seen that the server belongs to a free hosting service in the UAE.
The screen shown to the user copies the original site perfectly. Notably, whatever username and password are entered, the credentials are not verified in any way; instead, the site takes the data theft one step further by requesting the credit card details associated with the account.
Again, the data entered is not validated; the site only checks that some fields meet length requirements. Once the requested information is provided, the site finally returns the user to the original Netflix portal, having accomplished its goal of stealing the account's access credentials and payment data.
"In a more detailed analysis, it was not possible to verify other activities, such as the download of malicious software or the execution of additional code that could affect the machine's resources, so this could be interpreted as a campaign aimed only at the theft of personal information, possibly to sell on the black market (active credit cards sell for about $45 on the dark web), or to use in other targeted attacks," commented Camilo Gutierrez, Head of the ESET Latin America Laboratory.