Cybersecurity experts have uncovered an SMS phishing campaign targeting Netflix users in an attempt to steal accounts and credit card information.
Hackers are sending fraudulent text messages that claim the victim has failed to pay for their subscription and the account will soon be suspended. A link is also included that takes users to a site designed to look like Netflix's platform, prompting them to give their login and credit card information.
"NETFLIX : There was an issue processing your payment. To keek your services active, please sign in and confirm your details at : https://account-details[.]com," reads one message, which features misspelled words.
Experts urge Netflix members to be vigilant when receiving communications from the streaming giant, since subtle signs in the messages point to criminal activity. The language used in the messages is a dead giveaway: grammatical errors, and links containing terms not associated with 'Netflix.'
Cybersecurity firm Bitdefender, which uncovered the scam, has identified several of the fake messages, including some with misspelled words and strange links. Bitdefender has urged users never to open messages from unknown senders and, if they do, not to click the links accompanying the text.
"We will never ask you to enter your personal information in a text or email," Netflix said in a statement about the fishy text messages. "We will never request payment through a 3rd party vendor or website. If the text or email links to a URL that you don't recognize, don't tap or click it."
Bitdefender found the scam has been running wild in 23 countries, including the US, since September. Other countries being targeted include Germany, Spain, France, Greece and Australia.
"A big security problem is that Netflix doesn't have 2FA (two-factor authentication) and only relies on usernames and passwords," Bitdefender shared. "This means that Netflix customers are very exposed to account takeover attacks via credential stuffing."
Miguel A. Calles, a security analyst, posted a message he received: 'Notice that "http://netflix.com" is at the start of the domain. So it must be valid at first glance?'
'Did you notice the address starts with "http://" instead of "https://" that Netflix and other major companies enforce?' He went on to explain that criminals also add '911' to URLs to spark urgency among victims.
'Having this number in the address plays with our subconscious that we must react right away,' Calles added, urging users never to click links from unknown text message senders.
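The signs Calles describes (a brand name placed at the start of a longer domain, "http://" instead of "https://", and urgency digits such as '911' in the address) can be checked mechanically before anyone taps a link. The following Python is an added example, not code from Bitdefender, Netflix or the article: it extracts links from an SMS body, re-fangs the "[.]" notation the article uses, works out the registered domain of each link, and reports which of those red flags apply. The sample messages, the brand domain `netflix.com`, and the small list of two-label suffixes are constructed assumptions for the demonstration; a production tool would use the Public Suffix List instead.

```python
"""Flag SMS links that show the phishing signs described in the article.

Added example; not Bitdefender's, Netflix's or the article's own code.
The sample messages and the brand domain below are assumptions.
"""
import re
from urllib.parse import urlparse

# Assumed legitimate registered domain of the brand being impersonated.
BRAND_DOMAIN = "netflix.com"
BRAND_WORD = "netflix"

# Minimal set of two-label public suffixes so that a host such as
# "netflix.com.example.co.uk" yields "example.co.uk" as its registered
# domain.  A real tool would use the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "com.br"}

# '911' as a standalone digit group anywhere in the address (host, path or query).
URGENCY_PATTERN = re.compile(r"(?<!\d)911(?!\d)")

# Links in SMS bodies; also matches the 'hxxp' defanging convention.
LINK_PATTERN = re.compile(r"h(?:tt|xx)ps?://[^\s,]+")

# Constructed sample messages modelled on the ones quoted above.
SAMPLE_SMS = [
    "NETFLIX : There was an issue processing your payment. To keek your "
    "services active, please sign in and confirm your details at : "
    "https://account-details[.]com,",
    "Netflix: your account is suspended. Update now "
    "http://netflix.com.account-details[.]com/911/login",
]


def refang(url: str) -> str:
    """Turn a defanged URL ('hxxp', '[.]') back into a parseable one."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def links_in_message(text: str) -> list[str]:
    """Return the links found in an SMS body, trailing punctuation stripped."""
    return [m.rstrip(".,;:)") for m in LINK_PATTERN.findall(text)]


def registered_domain(host: str) -> str:
    """Registered (eTLD+1) domain of a hostname using the small suffix table."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def inspect_link(url: str) -> list[str]:
    """Return the red flags for one link; an empty list means none were found."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url  # bare host: treat as a plain-HTTP link
    parsed = urlparse(url)
    host = parsed.hostname or ""
    flags = []
    if parsed.scheme != "https":
        flags.append("not_https")
    if not host:
        flags.append("no_host")
        return flags
    if registered_domain(host) != BRAND_DOMAIN:
        # "netflix.com" at the *start* of the host is still someone else's domain.
        if BRAND_WORD in host:
            flags.append("brand_in_subdomain_or_lookalike")
        else:
            flags.append("unrelated_domain")
    if URGENCY_PATTERN.search(parsed.netloc + parsed.path + parsed.query):
        flags.append("urgency_digits_911")
    return flags


def inspect_message(text: str) -> dict[str, list[str]]:
    """Map each link in an SMS body to its list of red flags."""
    return {link: inspect_link(link) for link in links_in_message(text)}


if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        for link, flags in inspect_message(sms).items():
            verdict = "suspicious" if flags else "no flags"
            print(f"{link}\n  {verdict}: {', '.join(flags) or '-'}")
```

Running the script prints each link with its flags: the first sample is reported as an unrelated domain, the second as plain HTTP with the brand buried in a subdomain and '911' in the path. A genuine `https://www.netflix.com/...` link produces no flags, which is the point of resolving the registered domain rather than looking for the brand name anywhere in the address.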
'Funnily enough,' Bitdefender explains of what happens when someone clicks one of these links, 'they first want to see if you're a robot... The next step is collecting credentials from Netflix customers.'