Another fake Netflix email turned out to be a phishing scam

A Netflix phishing scam has been seen in the wild, prompting customers to update their login credentials or be locked out of their accounts.

Researchers at Mailguard said that the scam is well designed and that the mail appears to use a template system to generate individualized messages for recipients.

The mail is designed to look more convincing by using subject lines that read “Your suspension notification”, and it is addressed to the recipient as “Hi #name#.” The mail further read, “We are unable to validate your billing information for the next billing cycle of your subscription therefore we'll suspend your membership if we don't not receive a response from you within 48hours,” the message said. “Obviously we'd love to have you back, simply click restart your membership to update your details and continue to enjoy all the best TV shows and movies without interruption.”

The mail also featured a “restart membership” button, which contained the phony links to contact the company and a help centre.

Votiro Security Researcher Amit Dori said users should think before they click and examine emails before responding. “They should make sure to hover over each link to see where it leads to,” Dori said. “Also, be sure not to provide any personal information if you're not certain the site is legit. Be sure to check the domain and view the SSL certificate.”
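The link and greeting checks described above, automated as an added example (not code from Mailguard, Votiro or the original article): it lists where each link in an HTML message really leads, flags hosts outside a trusted-domain list, and reports unfilled template tokens such as "#name#". The `TRUSTED_DOMAINS` value, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the brand's legitimate domains; adjust to the sender being checked.
TRUSTED_DOMAINS = {"netflix.com"}
# Unfilled mail-merge tokens such as "#name#" left behind by a template system.
PLACEHOLDER_RE = re.compile(r"#[A-Za-z_]+#")
# Constructed sample modelled on the message described above; hosts are placeholders.
SAMPLE = """<p>Hi #name#,</p>
<a href="http://netflix.com.billing-update.example/login">Restart membership</a>
<a href="https://help.netflix.com/">Help Centre</a>"""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs: what hovering over each link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one (not a lookalike prefix)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def review_email(html):
    """Return a list of findings for one HTML message body."""
    findings = [f"unfilled template token: {t}" for t in PLACEHOLDER_RE.findall(html)]
    parser = LinkCollector()
    parser.feed(html)
    for text, href in parser.links:
        parts = urlsplit(href)
        if parts.scheme != "https":
            findings.append(f"non-HTTPS link behind '{text}': {href}")
        if not is_trusted(parts.hostname):
            findings.append(f"'{text}' leads to untrusted host: {parts.hostname}")
    return findings
```

Calling `review_email(SAMPLE)` returns three findings for the constructed message; the trusted-domain test matches on the end of the hostname, so a host that merely begins with the brand's domain is still reported.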

Experts advise users to be vigilant about these types of attacks, as the attacker can take email addresses, credit card numbers, and other personal information, which can then be sold on the black market for a higher price.

Mimecast cybersecurity expert Matthew Gardiner said it's easy for cybercriminals to send out spam email campaigns to users who need personal information, which at this time is a significant source of revenue for the cybercriminals.

FAQ
Q: What can I do to avoid Phishing attacks?
A: Click and review these 5 essential Anti-Phishing tips to avoid being "Phished":

Q: What is Phishing?
A: Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen on campus in the form of malicious emails pretending to be from credible sources such as UC Berkeley technology departments or financial organizations related to the university.

Q: How can I identify a Phishing scam?
A: The first rule to remember: Never give out any personal information in an email. No institution, bank or otherwise, will ever ask for this information via email. It may not always be easy to tell whether an email or website is legitimate, but there are many tools to help find out.

Q: How would I know if my CalNet credentials were compromised?
A: You may not always know. Scams and malware that steal passwords are designed to be stealthy and unnoticed.

Passwords are most frequently compromised in one of three ways:
Being tricked into giving up your credentials at a real-looking but scam website (AKA Phishing)
Malware or other compromise of your device which installs software designed to run in the background and steal passphrases
Re-using CalNet credentials for non-UCB websites, which are then hacked and all credentials exposed

Q: Where can I learn more about avoiding Phishing scams?
A: Federal Trade Commission: Avoiding Scams 101
Federal Bureau of Investigation: Common Fraud Schemes and Prevention Tips