Security analysts have uncovered a dangerous and highly convincing new Netflix phishing scam (opens in new tab), capable of evading traditional email security software.
Identified by researchers at Armorblox, the phishing email masquerades as a billing error alert, pressing the victim to update their payment details within 24 hours or have their Netflix subscription voided.
The link provided in the email redirects to a functioning CAPTCHA form, used in legitimate scenarios to distinguish between humans and AI. Although this step adds a layer of friction to the process, it serves to enhance the sense of legitimacy the attacker is attempting to cultivate.
- Check out our list of the best email clients (opens in new tab) around
- We've built a list of the best password managers (opens in new tab) on the market
- Here's our list of the best identity theft protection (opens in new tab) services out there
After handing over account credentials, billing address and payment card information, the victim is then redirected to the genuine Netflix home page, unaware their data has been compromised.
While Netflix phishing has been around ever since the video streaming platform rose to prominence, this latest scam is particularly threatening, thanks to its capacity to both seduce the victim and evade email (opens in new tab) filters.
According to ArmorBlox researchers, the scam outwits email security controls using two distinct techniques.
The legitimate CAPTCHA form serves to conceal the phishing landing page from security technologies that analyze URL redirection, while the landing page itself is hosted on a bonafide domain (www.axxisgeo.com), managed by a Texas-based oil and gas company.
“By hosting phishing pages on legitimate parent domains, attackers are able to evade security controls based on URL/link protection and get past filters that block known bad domains,” explained ArmorBlox in a blog post (opens in new tab).
“Attackers likely exploited vulnerabilities in the web server or the Content Management Systems (CMS) to host these pages on legitimate parent domains without the website admins knowing.”
The information gathered by the scammers could be used in a variety of secondary attacks, including account compromise, identity theft and financial fraud.
To protect against phishing attacks of this kind, users are advised to scrutinize emails for abnormalities that might identify a scam and cross-check landing page URLs with known addresses (e.g. www.netflix.com) before entering account or payment information.
- Here's our list of the best antivirus (opens in new tab) service right now