Daredevil hackers target Netflix users with credit card phishing scam

Attackers attempt to break bad with customers’ credit card information  

Daredevil hackers are targeting Netflix users with a new phishing attack that attempts to break bad with their credit card details.

Security outfit FireEye discovered the scam, which targets binge watchers using an email asking them to update their Netflix membership details. If users are fooled into clicking the malicious link within the email, they’ll find themselves directed to a legitimate-looking Netflix login page. Once signed in, they will be asked to enter further details such as their name, date of birth, billing address and payment card information, and then directed to the official Netflix website.

As pointed out by FireEye, “the scam uses some clever techniques to evade phishing filters. The first is the AES encryption, which encodes the content presented at the client’s side, and host-based evasion to ensure the phishing pages are not displayed to users at certain IP addresses.

“The host name of organisations such as ‘phishtank’ and ‘google’ are blacklisted,” FireEye explains. “The host name of the client is compared against a list of blacklisted host names. If there is a match against the blacklist, a ‘404 Not Found’ error page is presented.”

Here, the hackers add the IPs of cybersecurity teams, which check servers for phishing scripts, to the blacklist. That means that when a cybersecurity team checks the site for the phishing script, the server serves them a “404 – Page not Found” error. That is why the phishing page stays online and remains unblocked.
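A defender can spot this kind of host-based evasion by comparing what the same URL returns to different vantage points. The sketch below is an added example, not FireEye's tooling or code from the original article; the vantage labels ("scanner" for a network attributable to a security vendor, "clean" for an unattributed one), the URLs and the page bodies are all constructed assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple

class Fetch(NamedTuple):
    url: str
    vantage: str   # assumed labels: "scanner" or "clean"
    status: int
    body: str

# Input fields that suggest a credential or payment form.
SENSITIVE_INPUT = re.compile(
    r'<input[^>]+(?:type=["\']?password|name=["\']?(?:card|cc|cvv))', re.I)

def find_cloaked(fetches):
    """Return URLs that answer 404 to every scanner vantage while serving
    a credential/payment form to at least one other vantage."""
    by_url = defaultdict(lambda: {"scanner": [], "clean": []})
    for f in fetches:
        if f.vantage in ("scanner", "clean"):
            by_url[f.url][f.vantage].append(f)
    cloaked = []
    for url, seen in by_url.items():
        if not seen["scanner"] or not seen["clean"]:
            continue  # both views are needed for a comparison
        hidden = all(f.status == 404 for f in seen["scanner"])
        served = any(f.status == 200 and SENSITIVE_INPUT.search(f.body)
                     for f in seen["clean"])
        if hidden and served:
            cloaked.append(url)
    return sorted(cloaked)

# Constructed sample observations (not real URLs or captures).
FORM = '<form><input type="password" name="pw"><input name="card_number"></form>'
SAMPLE = [
    Fetch("http://login.example.test/update", "scanner", 404, "Not Found"),
    Fetch("http://login.example.test/update", "clean", 200, FORM),
    Fetch("http://gone.example.test/old", "scanner", 404, "Not Found"),
    Fetch("http://gone.example.test/old", "clean", 404, "Not Found"),
    Fetch("http://shop.example.test/login", "scanner", 200, FORM),
    Fetch("http://shop.example.test/login", "clean", 200, FORM),
]

if __name__ == "__main__":
    for url in find_cloaked(SAMPLE):
        print("possible cloaked phishing page:", url)
```

A page that is 404 from every vantage is simply gone, and one that serves the same form everywhere is not cloaking, so only the first sample URL is flagged.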

The security firm goes on to note that the phishing campaigns it observed are no longer active, so it’s unlikely this scam will bring the whole House of Cards down for the streaming giant. Stranger Things have happened, though.

Hackers used two methods, the first involving malware that tricked people into believing they had downloaded official Netflix software. Clicking on the dodgy file downloads a trojan in the form of Infostealer.Banload, which is capable of lifting sensitive information including banking details.

The second method, like this latest scam, targeted users via phishing campaigns that attempted to redirect people to a fake Netflix website.

