The 'Update Current Billing Information' Email That Appears to Be Sent by Netflix Is FAKE
Phishing attacks are widely considered to be one of the simplest forms of cybercrime. But why is that?
Well, organizing a typical phishing campaign doesn't require a lot in the way of technical expertise. Cybercriminals can rent botnets and send out a large number of spam emails in a matter of a few clicks, and they can also borrow phishing kits, which means that they don't even need to go through the trouble of creating a convincing login form in order to steal people's data.
That being said, although phishing is a simple concept on the face of it, a successful campaign requires more than a copy of a legitimate service's sign-in page and an ability to send many emails at once. If the phishers are to steal people's data, they need to hack into something much more complicated than a computer system or a website. They need to fool the human mind, and a recent increase in the number of phishing attacks against Netflix users shows that they have a few tried and tested methods for doing that.
The coronavirus crisis leads to more phishing attacks against Netflix users
Tech news website FastCompany.com recently reported on an increase in the number of phishing attacks against Netflix users. This shouldn't really surprise anyone.
Because of the COVID-19 pandemic, quite a few people are locked at home with little to do. They are bound to rely on streaming services like Netflix to keep themselves entertained, and they are likely to be more protective of their accounts. The phishers have realized this, and they're trying to take full advantage of it.
Some of the emails Netflix users have been receiving say that the target's account might be deactivated because of outdated billing information. The user is urged to click a link and update their credit card, or they run the risk of having their binge-watching marathon cut short.
Obviously, the messages are fake, and if you receive one, you shouldn't be fooled. They are part of a ploy to steal your financial data.
The phishers put their back into it this time
The screenshot FastCompany.com shared suggests that the messages look fairly convincing. There are no obvious spelling mistakes, the correct logo is used, and the formatting seems pretty much spot-on. This is far from the only thing that could catch some people out, though.
The social engineering techniques used in this campaign are not new or innovative, but they seem to be as effective as ever. In this particular case, by saying that the victim's subscription might be deactivated, the phishers are creating a sense of urgency.
Their goal is to get users to act quickly, because users who act quickly are less likely to become suspicious. And, as we've said numerous times on these pages, being suspicious is often the only way of protecting yourself against any form of cybercrime.
Be extremely careful with the links and attachments that arrive in your inbox, no matter how convincing they appear, and always make sure that the URL in the address bar is correct before you enter any usernames, passwords, or other personal information.
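The check "is the URL correct?" can be made precise: what matters is the host the browser will actually connect to, not whether the brand name appears somewhere in the link. The following is an added example, not part of the original article; it assumes netflix.com as the expected domain, and the sample links are constructed, with .example hosts as placeholders.

```javascript
// Added illustration, not from the article. EXPECTED_DOMAIN is an assumption.
const EXPECTED_DOMAIN = "netflix.com";

// Decide whether a link really points at the expected service.
function checkLink(link, expected = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG parsing, the same rules browsers apply
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before '@' is login info, not the host, yet it is what the eye reads first.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before '@' hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop trailing root dot
  // Non-ASCII look-alike letters are converted to xn-- labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized (punycode) label in host" };
  }
  // Accept only the domain itself or a true subdomain of it.
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + expected };
}

// Constructed sample links (the .example hosts are placeholders).
const SAMPLES = [
  "https://www.netflix.com/YourAccount",
  "https://netflix.com.billing-update.example/login",
  "https://www.netflix.com@billing-update.example/login",
  "http://www.netflix.com/YourAccount",
  "https://n\u0435tflix.com/login", // Cyrillic "е" in place of Latin "e"
];

for (const link of SAMPLES) {
  const { ok, reason } = checkLink(link);
  console.log((ok ? "OK      " : "SUSPECT ") + link + "  (" + reason + ")");
}
```

Only the first sample passes; every other one contains the brand name but resolves to a different host or an unencrypted connection.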