In a nutshell: Phishing scams have been around for as long as email, but a new campaign targeting Netflix subscribers is particularly clever in the way it circumvents security software and tricks victims into believing it’s legitimate.
Spotted by researchers from cloud office security company Armorblox, the phishing email claims to come from Netflix Support and warns that there’s been a verification failure of the monthly billing process. Recipients are asked to update their information via a link in the email, or their subscription will be suspended.
What’s different about this scam is that clicking the link directs people to a working Captcha that looks as if it’s part of Netflix’s site. Designed to identify whether someone is human or a bot, the forms populate the internet and in this instance act as reassurance that the site is genuine.
Once the target has passed the Captcha, they’re taken to what looks like Netflix’s login page. There are warning signs, though: the address bar reveals this isn’t Netflix’s domain, and clicking on the links just reloads the page.
After ‘logging in,’ victims are then asked to update their billing address and payment details before being told the process was a success. At this point, they’re automatically redirected to the real Netflix homepage, and the scammers have all their sensitive data.
One way this scam differs itself from other phishing emails is through the use of the Captcha, which hides the actual landing page from security software that analyzes URL redirection. Additionally, all the pages are hosted on legitimate domains, including the fake Netflix site, which is hosted by a Texas oil and gas company.
“Attackers likely exploited vulnerabilities in the web server or the Content Management Systems (CMS) to host these pages on legitimate parent domains without the website admins knowing,” writes ArmorBlox.
Readers of this site know never to click on a link inside an email and would spot the incorrect URL on the fake Netflix page, but the Captcha could convince plenty of less tech-savvy users that the site is real.