Don’t fall for messages alerting Netflix users about suspended accounts. Cybercriminals are running a malicious campaign and trying to steal Netflix credentials and credit card information, security firm Bitdefender warns.
The ‘very large’ SMS scare campaigns started in September and are still active in many regions.
“It spans 23 countries. Some of the most affected countries include Germany and Spain, but the United States is on that list, along with France, Greece, Portugal, Australia, and many others,” Bitdefender said.
“These SMS scare campaigns targeting Netflix customers have become ubiquitous and never stop, but they vary in size and scope.”
The current fraudulent messages alert users about nonexistent issues.
“NETFLIX : There was an issue processing your payment. To keep your services active, please sign in and confirm your details at :
https://account-details[.]com,” one of the SMS examples in broken English reads.
Another one warns about “a failure in your recent payment.” Similar messages are localized for different markets.
However, Netflix never contacts its customers via SMS, and large companies don't send customers links asking them to authenticate.
The links usually lead to malicious phishing websites, mimicking Netflix and collecting user data.
“They want the customers' login credentials, personal information, and credit card details. The phishing websites are built specifically for this purpose,” Bitdefender said in the report.
Netflix doesn’t have two-factor authentication (2FA) and only relies on usernames and passwords, which makes it easier to hijack accounts. The stolen credentials usually end up on the dark web where they are sold in bundles for other cybercrime groups.
“Attackers have two ways to persuade people to open the link and become victims: the carrot and the stick. The first method is to promise people a prize or something to gain. The second is to create a sense of urgency that requires immediate action. Losing access to Netflix because of a missed payment might fit the definition of an emergency for a lot of people,” Bitdefender explains.
The security company recommends never opening links received from unknown sources, manually imputing web addresses when unsure, and using security solutions.
Sometimes a single click is enough to compromise system security, as malicious actors abuse discovered zero-day vulnerabilities to gain access and elevate privileges without any user input.
Your email address will not be published. Required fields are markedmarked