Close Menu
    Facebook X (Twitter) Instagram
    Trending
    • 5 Active Malware Campaigns in Early 2025: What You Need to Know
    • 10 Critical Network Pentest Findings IT Teams Overlook
    • Report Phishing Instantly with PhishAlarm
    • Password Reuse Epidemic: Nearly Half of User Logins Compromised
    • Women in Cybersecurity: Interest, Exposure, or Just Stereotypes??
    • Stay Ahead of Scammers in 2025
    • Cybersecurity Alert: Risks of Abandoned Websites
    • DHS Unveils Playbook for the Deployment of Artificial Intelligence for the Public Sector
    Fordham University Information Security and Assurance
    • Information Security and Assurance Homepage
    • Privacy Blog
    • About
    Fordham University Information Security and Assurance
    You are at:Home»Phishing Email»New Email Scam Using Fake Netflix Website
    Phishing Email

    New Email Scam Using Fake Netflix Website

    By Christopher JohnsonNovember 6, 20173 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Copy Link

    Via: mailguard.com.au

    A scam email has appeared today that is pretending to be from Netflix. MailGuard detected the new scam early this morning, and stopped the malicious emails from entering our client’s inboxes.

    This scam email is relatively well designed. The scammers are using a template system to generate individualised messages with specific recipient data.

    This works like a mail-merge; the body of the email is generic, but the sender field is designed to show the name of the intended victim, which personalises the scam making it more convincing.

    In this case the scammer’s system has not worked as well as they hoped and in the example below – screen-captured by our operations team – you can see that the ‘recipient’ field in the email has not been merged successfully. Instead of the victim’s name, it shows the placeholder instead:

     

    Screen Shot 2017-11-03 at 11.23.26-1.png

    Aside from the error with the recipient name field, this email looks quite convincing. The message tells the intended victim that their Netflix billing information has been invalidated and urges them to update their details on the website. If the recipient clicks the link in the email they are taken to a fake Netflix page, that asks them to log in and then enter their personal information, including credit card details.

    Of course, this website is completely bogus and is just a mechanism for the scammers to steal the victim’s identity and credit card information.

    The fake Netflix site this scam is using is built on a compromised WordPress blog. Scammers can break into WordPress sites by making use of vulnerabilities in blog plugins and once in, they can make the website look enough like a real Netflix login page to trick their victims – as shown in the screenshot above.

    Screen Shot 2017-11-03 at 11.24.52.png

    Screen Shot 2017-11-03 at 11.25.22.png

    With the detailed data the fake website form asks for: address; credit card details; driver’s license; mother’s maiden name; etc, the scammers could potentially execute an identity theft and gain access to the victim’s bank accounts as well as their credit cards.

    Once the fake website has collected all the sensitive data the scammers want, the victim is shown a reassuring ‘reactivation’ screen.

    Screen Shot 2017-11-03 at 11.26.15.png

    If you receive an email from Netflix today, ‘Chill,’ but don’t click without thinking first. Scammers can make their fake emails and bogus websites look pretty convincing, so it’s always a good idea to check carefully that the email comes from the actual company domain and not a scammer.

    Think Before You Click:

    – Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.

    – Cybersecurity threats take many different forms from simple spyware downloads to sophisticated ransomware attacks. Your business can be exposed to a wide variety of different vectors: through peripherals; USB devices; networks; attachments; etc. Security best practice recommends a layered defence strategy to protect users against web threats and malware.

    Share this:

    • Click to share on X (Opens in new window) X
    • Click to share on Facebook (Opens in new window) Facebook
    • Click to share on LinkedIn (Opens in new window) LinkedIn

    Like this:

    Like Loading...
    Previous ArticleSteps you can take to keep your mobile device safe.
    Next Article Holiday Shopping 2017: How to avoid fake retail sites and other scams

    Related Posts

    5 Active Malware Campaigns in Early 2025: What You Need to Know

    10 Critical Network Pentest Findings IT Teams Overlook

    Report Phishing Instantly with PhishAlarm

    Follow Us on Twitter!
    Follow @FordhamSecureIT
    My Tweets
    Archives
    Categories
    • AI (1)
    • Alerts (384)
    • CISO (19)
    • Cyber Security Awareness Month Tip (150)
    • Data Privacy Week (2)
    • Executive Director (1)
    • Exploits and Vulnerabilities (35)
    • General Information (34)
    • Identity and Access Management (12)
    • Identity Theft (26)
    • Jason Benedict (19)
    • Legitimate Email (14)
    • Malicious Email (24)
    • Mobile (25)
    • Network Security (2)
    • News and Events (143)
    • Newsletter (13)
    • Password (17)
    • Phishing (333)
    • Phishing Email (340)
    • Privacy (10)
    • Ransomware (9)
    • Scam (104)
    • Security Awareness (262)
    • Security Guides (34)
    • Social Engineering (12)
    • SPAM (40)
    • Suspicious (6)
    • Telework (2)
    • Teleworking (3)
    • Trojan (7)
    • Uncategorized (9)
    • Virtual Meeting (4)
    • Virus (28)
    • Viruses (8)
    • World Backup Day (1)
    • Zoom (6)
    Tag Cloud
    Alerts Artificial Intelligence Backups cell phones CISO Cybersecurity Awareness Month Tip Cybersecurity Month Data Privacy Device email Exploits and Vulnerabilities fordham fraud Identity and Access Management Identity Theft Information Security Guides Jason Benedict Legitimate Email malicious email Mobile Multi-Factor Authentication networks Network Security News and Events Newsletter online safety Online Shopping Password Phishing Phishing Email Privacy ransomware scam scams Security Awareness social engineering Social Media spam trojan Virus Viruses Wireless wire transfer scam World Backup Day zoom
    About
    About

    Founded in 1841, Fordham is the Jesuit University of New York, offering exceptional education distinguished by the Jesuit tradition to more than 15,100 students in its four undergraduate colleges and its six graduate and professional schools.

    Copyright © Fordham University
    Facebook X (Twitter) Instagram YouTube LinkedIn
    © 2025 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.

    %d