The cyber criminals use various techniques to cheat to users and make them deliver their personal and financial data. On other occasions we have told you about the risks of some campaigns that are distributed by WhatsApp, but email is still a widely used medium for phishing and, today we want to warn you about a fraud that involves the name of Netflix.
The computer security company ESET identified a campaign of phishing in which the identity of the Netflix streaming platform is impersonated with the intention of steal data of the users.
According to the firm the threat is distributed through a email with the subject: “Notification alert” where it is stated that the user has a I owe accumulated on the platform that will lead to the suspension of the service if quick action is not taken.
The email presents several elements that users must take into account to discover that it is actually a scam, which are worth checking whenever there are doubts about the authenticity of a message.
The first point is that the sender’s email address, although it includes the name of the company, is not related to the official domain of Netflix.
Also read: If your Wi-Fi uses chips from these brands, your network is in danger
Another key element that ESET researchers highlight to confirm that you are facing a cheated, is the URL behind the “UPDATE YOUR PAYMENT DETAILS” button. This information is observed by positioning the pointer over the button, where the address that will be accessed if clicked is previewed, and shows that the link in the email is not an official site or registered by the brand.
It should also raise alerts that the text of the page is in English, when the original message is in Spanish.
According to the researchers, if the user falls for the scam, they will be asked to enter the complete data of the payment method used, or of a new credit card and, later, they will see a message, again in English, indicating that their account was reactivated.
Even once the user clicks on the “Continue” button, they will be directed to the official website of Netflix (site that has a valid SSL certificate and on behalf of Netflix), but this time it is in Spanish, so many will trust that the authentication process has been completed. However, your data will already be in the hands of cybercriminals.
Also read: 4 Keys to avoid phishing
Phishing grows
ESET points out that cybercriminals create campaigns where they impersonate big brands like Netflix due to the large number of users they have, which increases their chances of deceiving people.
Thus, the campaigns of social engineering and phishing are still very active so it is important to have technology of security on all devices used, including mobile phones, in addition to being alert in case of receiving a message or accessing a website of dubious origin.
“As we always say, before the slightest doubt about the legitimacy of an email, we should never click on a link that arrives unexpectedly, especially without first verifying its origin and checking that it is from an official site. On the other hand, if it was already victim of this deception and shared your personal information, we recommend modifying your access credentials on the site and those in which you use the same password, and contact your financial institution as soon as possible if you have entered credit or debit card data ”Mentioned Luis Lubeck, IT Security Specialist at ESET Latin America.
– .
