Urgent warning to Netflix users over new scam

Source: Daily Mail Online

Cybersecurity experts have uncovered an SMS phishing campaign targeting Netflix users in an attempt to steal accounts and credit card information. Hackers are sending fraudulent text messages that claim the victim has failed to pay for their subscription and the account will soon be suspended.

A link is also included that takes users to a site designed to look like Netflix's platform, prompting them to give their login and credit card information. Experts urge Netflix members to be vigilant when receiving communications from the streaming giant as hidden signs point to criminal activity.

The messages themselves contain dead giveaways, such as grammatical errors and links with terms not associated with 'Netflix.'

Cybersecurity firm Bitdefender, which uncovered the scam, has identified the fake messages, including several with misspelled words and strange links. 'NETFLIX : There was an issue processing your payment. To keek your services active, please sign in and confirm your details at : https://account-details[.]com,' reads one message that features misspelled words.

'We will never ask you to enter your personal information in a text or email,' Netflix said in a statement about the fishy text messages. 'We will never request payment through a 3rd party vendor or website. If the text or email links to a URL that you don't recognize, don't tap or click it.'

Bitdefender found the scam has been running wild in 23 countries, including the US, since September. Other countries being targeted include Germany, Spain, France, Greece and Australia.

'A big security problem is that Netflix doesn't have 2FA (two-factor authentication) and only relies on usernames and passwords,' Bitdefender shared.

'This means that Netflix customers are very exposed to account takeover attacks via credential stuffing.' Many Netflix users who have received the fake messages have shared how others can avoid being scammed.

Miguel A. Calles, a security analyst, posted a message he received: 'Notice that "http://netflix.com" is at the start of the domain. So it must be valid at first glance, right? Did you notice the address starts with "http://" instead of "https://" that Netflix and other major companies enforce?'

He continued to explain that criminals will also add '911' in the URL to spark urgency among victims.

'Having this number in the address plays with our subconscious that we must react right away,' Calles added, urging users to never click links from unknown text message senders.

If users accidentally click the link, Bitdefender explains how criminals go to lengths to steal data and money:

'Funnily enough, they first want to see if you're a robot, likely done to give potential victims a false sense of security and reinforce the impression of visiting the official website,' the firm shared.

The next step is to collect credentials from customers: whoever inputs those gives them to the attackers. Once the login information is given, an alert appears on the screen with another option to make a payment, and even an option to pay with a Gift Card instead of credit just good said offer purchase cards worth noting they're available every region.

If users fall for the scam, the firm explained, the credentials and payment details will likely end up on the dark web, sold in bundles or as a single item.