Kaspersky researchers have detected a wave of phishing attacks leading to a malicious domain perfectly disguised as a legitimate Netflix landing page. As a popular streaming platform, Netflix is also a popular disguise for phishers, yet only some of the criminals go so far to create webpages in local languages and target users in particular countries.
Spam and phishing are a common mass-attack method because it is not only done at a large scale but also often uses names of the legitimate institutions and organisations, promoting fraudster’s chances of success in their hunt for innocent people’s credentials. In the case with Netflix, the choice was to target its users.
“The fact is that nowadays personal information and credentials are the most valuable «digital product». We can only guess how fraudsters may exploit Netflix credentials gathered as a result of such attacks, but the scenarios are never optimistic.” – said Tatyana Shcherbakova, a security researcher at Kaspersky. “There are many variants: they might be sold on the dark web if the user has a prepaid subscription, or used later to add credibility to a malicious e-mail scheme (for instance, informing users of a necessity to pay for the account restoration and stealing money) and even blackmail. Also, when the victim’s password and login are the same as their credentials to other sensitive domains, the criminals might penetrate their social media or e-mails. This is why we always recommend using different passwords for different services and 2-factor authentification”.
Netflix has a number of measures in place to protect users’ accounts including a dedicated support page that helps identify and handle suspicious communications.
To avoid falling victim to malicious phishing pretending to be popular streaming platforms, Kaspersky recommends taking the following steps:
- Always check online addresses in unknown or unexpected messages, whether it is the web address of the site to which you are directed, the link address in a message, and even the sender’s email address, to make sure they are genuine and that the link in the message doesn’t cover another hyperlink.
- If you are not sure that the website is genuine and secure, never enter your credentials. If you think that you have may have entered your login and password on a fake page, immediately change your password and call your bank or another payment provider if you think your card details were compromised.
- Use different, strong passwords for each of your accounts and two-factor authentication.
- Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats.