Netflix – Phishing Scam Uses Fake Netflix Login Screen

A recent Netflix phishing scam used a fake Netflix login screen to potentially steal thousands of user account information. This phishing scam is being propagated via email messages. Also, some credit card information was accessed.

Some scam, phishing, and spam systems were not able to detect this phishing scam. FireEye, a security research company was the first individuals to notice this Netflix scam. This companies email threat prevention tool detected this scam.

According to this company, only Netflix users in the United States were targeted.

* Phishing pages were hosted on legitimate hacked web servers
* Client side HTML code obfuscated with AES encryption to avoid detection
* Phishing pages not displayed to users from IP addresses resolved to Google PhishTank, etc. DNS

FireEye claims that these phishing websites are no longer functional. Netflix users are asked through email to update their membership information. A web link inside this email message then sends these users to a phony Netflix login page.

Once a user enters their login information, they are taken to another phony Netflix page that asks for additional account information and even payment information, such as credit card numbers. Once a user enters this additional information then they are taken to the legitimate Netflix homepage. This information was encrypted to avoid detection.

PHP mail was used by these attackers to receive account and payment information, from their victims. You can check out Netflix’s security page, for more security information. This page will give you tips on how to secure your Netflix account information.

I have never used Netflix. Believe it or not, I have not even registered for one of their free trials. Phishing scams are nothing new to the Internet and more specifically succinctly websites.

Netflix is not the first nor the last large corporation to have suffered one of these phishing scams.