A cybersecurity company has warned about a global phishing campaign that tricks users into believing they have not paid for their Netflix subscription, then steals their credentials for the platform and their credit card information.
According to the firm Bitdefender, in recent months it has detected cases of this type of attack in at least 23 countries, all repeating the same deceptive modus operandi, which plays on the user's sense of urgency to push them into making a mistake.
Netflix has become, by far, the largest streaming platform on the planet, making it an ideal hook to use in attacks. Phishing schemes aimed at consumers are typically not targeted at specific people: scammers fire off messages on a large scale in the hope of catching at least a few victims, enough to make the entire operation profitable. That's why using Netflix as the pretext gives them greater reach.
According to data provided by victims, attackers use two approaches to persuade people to open the link: reward and punishment. “The first method is to promise people a prize or something to win. The second is to create a sense of urgency that requires immediate action. Losing access to Netflix for a payment that didn’t come in could fit the definition of an emergency for many people,” the Bitdefender report states.
That’s when they send users an SMS with a link to click. “Leaving aside the fact that Netflix does not contact its customers by SMS, if there is one thing that companies will not do, it is to ask their customers to give them a link and ask them to authenticate,” they warn.
“There is a good chance that users will quickly recognize that something is wrong with the SMS message, but not all will be careful. And the fear of losing the account may be so great that they cannot reason where they are entering,” they add.
Although the campaign spans so many countries, the SMS messages are very similar to each other. In most cases the language barely changes. According to what Bitdefender was able to compile, the message in Spanish reads as follows: “NETFLIX: There was a problem processing your payment. To keep your services active, please log in and confirm your details in…” followed by the malicious link.
“NETFLIX: Your last payment has been declined, your account will be suspended on 12/01/2024. Renew your payment in…” is another of the variants that were recorded.
In some cases, the links appear official because they include the Netflix name to lend them credibility.
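A link that merely contains the Netflix name is not a Netflix link, and a filter has to compare the hostname itself rather than search for the brand string. The following Python check is an added example, not code from Bitdefender or Netflix; the allow-listed domain, the function names and the `.example` links (the article elides the real ones) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hostnames treated as genuine in this check.
OFFICIAL_DOMAINS = ("netflix.com",)
# Lure phrases taken from the two SMS variants quoted in the article.
LURE_RE = re.compile(
    r"problem processing your payment|payment has been declined|"
    r"account will be suspended|confirm your details|renew your payment", re.I)
# Matches links with or without a scheme, as they tend to appear in SMS text.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def is_official(host):
    """True only for an allow-listed domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def extract_hosts(text):
    """Return the hostname of every link found in the message."""
    hosts = []
    for match in URL_RE.finditer(text):
        url = match.group(0)
        if "://" not in url:
            url = "http://" + url  # give urlsplit a scheme so it parses the host
        hosts.append(urlsplit(url).hostname or "")
    return hosts

def score_sms(text):
    """Return (suspicious, reasons) for one SMS body."""
    reasons = []
    if "netflix" in text.lower():
        reasons.append("brand-mention")
    if LURE_RE.search(text):
        reasons.append("urgency-lure")
    off_domain = [h for h in extract_hosts(text) if not is_official(h)]
    for host in off_domain:
        reasons.append("off-domain-link:" + host)
        if "netflix" in host:
            reasons.append("brand-in-lookalike-host")
    # Brand name plus a link that does not belong to the brand is the core signal.
    return ("brand-mention" in reasons and bool(off_domain)), reasons

# Constructed samples: article wording with placeholder links appended.
SAMPLES = [
    "NETFLIX: There was a problem processing your payment. To keep your services "
    "active, please log in and confirm your details in https://netflix-billing.example/login",
    "NETFLIX: Your last payment has been declined, your account will be suspended "
    "on 12/01/2024. Renew your payment in netflix.com.verify-account.example",
    "New season is up on Netflix: https://www.netflix.com/browse",
]
```

The second sample shows why a substring or prefix test fails: its hostname begins with `netflix.com` but is a subdomain of a different, attacker-controlled domain.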
For this particular campaign, the information sought is customers’ login credentials, personal information, and credit card details. “A big security issue is that Netflix does not have 2FA (two-factor authentication) and only relies on usernames and passwords. This means that Netflix customers are highly exposed to account takeover attacks via credential stuffing,” they explain.
In the cases detected, the first thing the app asks for is the customer's Netflix credentials. As soon as the user enters those credentials, the attackers have them. The attackers then ask for personal details before requesting credit card information. At that point the attack is complete, and the criminals have access to all of the victim’s information.
According to the company, Netflix credentials and payment information likely end up on the dark web, where they are sold in packages or as a single item.