Phishers Are Using a Fake Netflix Website in Arabic to Steal Login Credentials
In October 2020 security researchers found a group of bad actors running a phishing campaign.
The campaign is focused on Arabic users and uses a fake Netflix page. The bad actors used convincing imagery to fool victims into entering their credentials into the phishing form that will simply steam all entered information and forward it to the hackers.
Credentials stolen this way can be used for a number of malicious purposes, from sale on the dark web, to credential stuffing, to abuse of known e-mails in later malicious e-mail scams. Of course, if a user who falls for the phishing page also uses the same password for other services and websites, they will be in a lot more trouble.
The guidelines that Netflix has provided for its users are in line with the advice we have been giving our readers when it comes to account and password security. First and foremost, never reuse passwords across services and websites.
No matter how strong your password is, if hackers grab hold of it, through a database breach or through some fault in the service that you use the password for, you will be giving the bad actors access to all other services and accounts that use the same password.
Steering clear of phishing is not as hard as it may seem
Using a strong, complex password and changing it frequently is another thing that will boost your account security significantly, regardless of the platform you use the password on.
When it comes to phishing, users should always be extra careful with any e-mail and all links that end up in their inbox. As we mentioned before, a compromised e-mail address can be used to send phishing mail from trusted sources and only close inspection of the links in the e-mail and the URLs they point to can help prevent hitting malicious sites or phishing forms on fake pages.
Even though many e-mail clients and platforms have some sort of integrated phishing protection, the best defense against phishing is being extra careful and previewing any link before clicking on it.