PandaLabs, Panda Security’s anti-malware laboratory, has detected a massive attack on hundreds of users in the United States and other countries in which hackers are using emails purporting to be from Netflix in order to steal user account passwords.
The phishing attack uses a fraudulent email with the subject “Notice – Document”, followed by a sequence of numbers such as “941-4259”. The email, which does a good job of impersonating an actual email sent by Netflix, asks victims to validate the login credentials they use to access the platform.
However, the link displayed does not take users to the Netflix website, but to a fraudulent page. The worst thing about this attack is not the fact that it may allow the attackers to use the stolen data to watch movies and TV shows for free, or sell the accounts to others so they can enjoy free audiovisual content at your expense.
“The real threat lies in the fact that these criminals are selling the stolen passwords indiscriminately on the black market, which may lead to further, large-scale attacks, as many users use the same access credentials for different services and other hackers could use them to break into their email or social media accounts. There is no doubt that these attacks are masterminded by cyber-crime gangs going after people’s money,” explains Luis Corrons, Technical Director of PandaLabs.
Three easy ways to detect the Netflix phishing attack
First, take a look at the email subject. Since the email has been supposedly sent by the Marketing or Sales Department of a reputable company such as Netflix, you would expect its subject line to be a meaningful text related to its content.
That’s not the case here. If you receive an email from Netflix or any other service, free or paid, with a vague or unintelligible subject line, be wary and run an antivirus scan.
Second, the message is written in English. If you live in a non-English speaking country, this is highly suspicious unless you have set your Netflix Communication settings to receive all communications in English. Also, we recommend that you check the URL displayed on your Web browser’s address bar to make sure it doesn’t show a dubious domain name.
Finally, the second paragraph in the email reads as follows: “Failure to complete the validation process will result in a suspension of your Netflix membership.” This type of text aims at triggering a quick reaction from the victim, rushing them to update their access credentials.
However, that message is too aggressive to appear in a commercial communication, and it is highly unlikely that a reputable company such as Netflix would cancel a user subscription because of a problem with their platform.
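The three checks above, plus the link check mentioned earlier, can be applied automatically to a saved message. This is an added example, not PandaLabs code: the function names are hypothetical, it assumes genuine links point at netflix.com or its subdomains, and the sample message and its `.example` link are constructed.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject reported in the article: "Notice – Document" plus digits such as 941-4259.
SUBJECT_RE = re.compile(r"Notice\s*[–-]\s*Document\W*\d[\d-]*", re.I)
# Pressure sentence quoted in the article (whitespace-tolerant for wrapped HTML).
URGENCY_RE = re.compile(r"suspension\s+of\s+your\s+Netflix\s+membership", re.I)

class LinkCollector(HTMLParser):
    """Collects the real targets (href) of anchors, not their displayed text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def is_netflix_host(url):
    # Assumption: genuine links point at netflix.com or one of its subdomains.
    host = (urlsplit(url).hostname or "").lower()
    return host == "netflix.com" or host.endswith(".netflix.com")

def phishing_indicators(raw_message):
    msg = message_from_string(raw_message, policy=default)  # decodes RFC 2047 subjects
    findings = []
    if SUBJECT_RE.search(str(msg["Subject"] or "")):
        findings.append("subject")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if URGENCY_RE.search(body):
        findings.append("urgency")
    links = LinkCollector()
    links.feed(body)
    if any(urlsplit(h).scheme in ("http", "https") and not is_netflix_host(h) for h in links.hrefs):
        findings.append("off-domain-link")
    return findings

# Constructed sample message; the .example host is a placeholder, not a real indicator.
SAMPLE = (
    "Subject: =?utf-8?q?Notice_=E2=80=93_Document_941-4259?=\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>Failure to complete the validation process will result in a\n"
    "suspension of your Netflix membership.</p>\n"
    '<a href="http://netflix.com.login.example/validate">www.netflix.com</a>\n'
)
```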
9 comments
Thank you so much for the instructions. These are really helpful. And thanks a ton for your free VPN. I am using it to stream TV channels on my app.
Thanks a lot!
We are glad to know you are enjoying our Free VPN!
Kind regards,
Panda Security.
Hi, thanks for sharing your informative article. I got the correct idea by your page. I am very thankful to you. I used this method to stream a live on my pc.
Thanks for reading us, John!
Glad to know you find our content useful.
Kind regards,
Panda Security.
Your VPN is very good compared to other VPNs, and yes, great article share.
We are glad to know you enjoy our VPN.
Thanks for your feedback!
Kind regards,
Panda Security.
Very helpful post for a VPN user. Thanks for sharing