Netflix Phishing Campaign Steals Customers' Credit Card Details

The Netflix logo is pictured on a television remote. Hackers are posing as Netflix employees to trick customers into giving out their details. REUTERS/Mike Blake

Netflix customers are being targeted by hackers posing as employees of the video streaming website in order to steal their credit card details.

Researchers at the cybersecurity firm PhishMe uncovered the phishing campaign, which sent out Netflix-branded emails claiming to be from the company's support team.

Emails in the campaign are addressed as "Dear Valued Customer," suggesting that it was a mass campaign, rather than a targeted one.

"We would like to inform you that you have to update your account details," the email stated. "Your membership will automatically continue as long as you choose to remain a member, we won't charge you."

A copy of the email sent out as part of the phishing campaign. PhishMe

A link to an "update" is provided at the bottom of the page. This leads to a fake version of Netflix's log-in page. Customers are also directed to a fake payment information page that asks for their credit card number and other personal details.

Both sets of details are sent straight to hackers if customers type them in. These can then either be used by the hackers or sold on the dark web to other hackers.

"If the threat actor can find examples of password reuse, phishing a consumer service like Netflix might lead to illicit access to an enterprise email account and associated services," said PhishMe researcher Chase Sims in a blog post describing the campaign.

"The attacker hopes that you reuse the same password for your personal email account or, if the attacker is very lucky, for your work email account. In either case, they can now reset passwords for various other online services—banking, healthcare, social media—to pivot and carry their attack forward."

Netflix did not immediately respond to a request for comment on the phishing campaign.

Netflix is a popular target for such campaigns due to its large customer base. The streaming site has been used as part of phishing scams since as far back as 2012.

Last month, a separate phishing scam was uncovered by WGN that told Netflix users that their accounts had been disabled. In order to reactivate their account, they were told to update their payment details.

"With Netflix widely popular across the globe and password re-use rampant across multiple online services, the public must turn a very skeptical eye toward all email communication," Sims warned.

Common advice from security professionals for avoiding such attacks is not to click on links embedded in emails, especially if the sender is unfamiliar to the recipient.

About the writer


Anthony Cuthbertson is a staff writer at Newsweek, based in London.  
