We’ve seen countless fake pages purporting to be a bank or a popular shopping site that ask you for personal information.
This type of scam is called phishing and typically starts with an urgent-looking message in your inbox. Upon following the directions (typically clicking on a link), you’re taken to a page that looks like an exact replica of the genuine company.
Eric Lawrence, creator of the famous Fiddler web debugger, spotted a phishing attack targeting Netflix customers. Readers of this blog may remember a similar one we identified several months ago.
This new one is more sophisticated (better graphics, etc) although it does not have the tech support scam element but instead goes after your identity and wallet.
The bogus domain netflix-ssl.net (IP address: 176.74.28.254) was registered a few days ago through the “Crazy Domains FZ-LLC” registrar.
The information requested on the phishing page includes name, address and credit card details. It’s sent back to the bad guys’ server with multiple POST requests such as the one below:
POST http://netflix.co.uk.account.validation-9247424908.netflix-ssl.net/email_identifier=71a605276e146b93e52b0c1bfb98ade285c337b0a6b7e5f3f560fd5bb11f1d1c/6cde9c162b263b123b5a6f7b9e39ef7d/Sessions/Paymentsess.php HTTP/1.1 Host: netflix.co.uk.account.validation-9247424908.netflix-ssl.net nameoncard=&cardnumber=&expm=&expy=&securitycode=&accountnumber=&sortcode=&SubmitButton=Continue
Note the clever use of a long URL that resembles the genuine one and that may be particularly effective on mobile devices:
We are reporting this site to the registrar and hosting company so that it can be taken down as soon as possible.
Phishing scams are always getting more elaborate and unfortunately very hard to block because they keep popping up on new domains, registrars etc. truly making this a cat and mouse game between crooks and the security community.
While many web browsers (Internet Explorer, Google Chrome, Mozilla Firefox) do have anti-phishing technology that blocks access to fraudulent sites, there often is a bit of a lag between the time a new site comes up and when it gets blacklisted.
The best defence against these scams is awareness and suspicion from any email purporting to be from a company you deal with.
There are some telltale signs to recognize phishing attacks such as poor grammar, spelling mistakes or obviously unrelated URLs as well as a general ‘urgency’ in the tone of the message.
They will never give up….
The best thing is to never click on a link in an email
Or to right-click on the link, and select “Copy Link Location.” Then, paste it into word, your URL bar, or really any place you can paste it. Finally, you will see if the link is authentic. (Of course, if it isn’t, don’t follow the link.) Scammers use the ability to put any text to a link to their advantage.
i do have a way to defeat the scammers just open up a new tab and go to the website the email was telling you by typeing it in and then do what the email told you to do
Moral of the story? What on earth are you using lame Netflix for in the first place? There are substantially better services, offering a great deal more and a fraction to none of the price.