Hackers Target Netflix Users to Obtain Credit Card Information

There are so many different online scams to keep track of these days, it becomes increasingly difficult to separate truth from fiction. One of the latest noteworthy scams making the rounds right now involves a malicious Netflix website. More specifically, victims are redirected to a malicious Netflix site which harvests their credentials. It is evident this type of scam will only cause more problems in the future.

Beware of the Fake Netflix Scam

Part of creating a successful scam involves making victims believe they are dealing with the real product at all times. That is not all that difficult these days, as cloning websites has become increasingly easy. Even spoofing emails to make them look more legitimate has become somewhat common these days, which is a rather worrisome development in its own way.

Look at the most recent Netflix scam, for example. Victims receive an email seemingly sent to them from the company itself. Although this is clearly not the case, it is important to mention this fake message looks as professional as it could be. Different users receive different emails with personalized messages and displayed content. In the email, “Netflix” claims that the user’s account has been suspended due to a billing information error.

Users are then asked to restart their Netflix membership by visiting a link provided in the email. After clicking said link, it almost appears as if people are browsing the actual Netflix website, even though it is just a web portal designed to harvest login credentials. It is evident this tactic is rather elaborate, although the credentials themselves are not the main reason for the fake email. The criminals also hope to obtain payment card information as entered by victims, which can then be used or sold to carders.

One way in which this fake email stands out is how the criminals made a few grave errors. First of all, the sender is identified as “No Sender” in most cases, which is a grave oversight. Secondly, the email message doesn’t include victims’ usernames or email addresses. It seems something went wrong when using this email template in conjunction with a list of recipients. Such discrepancies should immediately alert recipients to the dubious nature of this email.

The fake Netflix site itself was built using WordPress, and appears to have been compromised by the criminals as well. It doesn’t take much effort to hack into WordPress backends these days, as the platform has numerous vulnerabilities and loopholes. Most of these issues are a direct result of site owners not having taken proper security precautions, though. Regardless, the fake site looks like a legitimate Netflix login portal and the billing section looks almost legitimate as well.

It is evident people need to be aware of the emails they receive. No matter who the sender claims to be, do not open any email which makes you doubt its origin or purpose. Even an email purportedly coming from Netflix can have major consequences; that much is evident. Emails like these are quickly gaining popularity, and they are not all that difficult to create in the first place. Rest assured this is not the last scam we will see involving Netflix or any other popular online service in use today.