Kaspersky researchers have detected a wave of phishing attacks leading to a malicious domain perfectly disguised as a legitimate Netflix landing page. As a popular streaming platform, Netflix is also a popular disguise for phishers, yet only some of the criminals go so far as to create webpages in local languages and target users in particular countries.
Spam and phishing are common mass-attack methods because they are not only carried out at a large scale but also often use the names of legitimate institutions and organisations, improving fraudsters' chances of success in their hunt for innocent people's credentials. In the case of Netflix, the choice was to target its users.
“The fact is that nowadays personal information and credentials are the most valuable «digital product». We can only guess how fraudsters may exploit Netflix credentials gathered as a result of such attacks, but the scenarios are never optimistic,” said Tatyana Shcherbakova, a security researcher at Kaspersky. “There are many variants: they might be sold on the dark web if the user has a prepaid subscription, or used later to add credibility to a malicious e-mail scheme (for instance, informing users of a necessity to pay for the account restoration and stealing money) and even blackmail. Also, when the victim’s password and login are the same as their credentials to other sensitive domains, the criminals might penetrate their social media or e-mails. This is why we always recommend using different passwords for different services and 2-factor authentication.”
Netflix has a number of measures in place to protect users’ accounts, including a dedicated support page that helps identify and handle suspicious communications.
To avoid falling victim to phishing that pretends to come from popular streaming platforms, Kaspersky recommends taking the following steps: