How Not To Fall For Netflix and AMEX Phishing Campaigns
Both American Express and Netflix enjoy a lion share of their respective customer base, they offer their customers a convenient way to shop and watch whatever movie they wish respectively. As they fully support millions of customers all at the same time, they attract attention not only of their target market but also those who wish to “profit” off their success. American Express and Netflix are at the center of a nasty scheme that Windows Defender Security Intelligence at Microsoft has revealed in their recent Twitter announcement.
High-level phishing campaigns targeting American Express and Netflix customers is circulating on the Internet. Theft against people’s personal information, especially those connected with credit card data and social security details are not new, but the two parallel campaigns are set in scamming American Express and Netflix customers with the use of fake, yet authentic-looking messages through email.
“Two massive, still-active phishing campaigns targeting Netflix and AMEX emerged over the weekend, the Office 365 Threat Research team has discovered. Machine learning and detonation-based protections in Office 365 ATP protect customers both campaigns,” said @WDSecurity, the official Twitter account of Windows Defender Security Intelligence.
For Netflix customers, they may receive a genuinely-looking email, written in a professional sounding Netflix-style tone claiming about a payment error in their system, hence the user’s Netflix account is invalid. After a few sentences containing attempts of persuasion, the reader is encouraged to open the attached .html file in order to provide the “correct” personal information (including credit/debit card) in order for “Netflix” to resolve the issue. The attached html file when opened will provide a user with a form, very much resembling the Netflix account creation form. When an unsuspecting user completes the form and clicks submit, the information encoded in the form will be sent to the phisher’s direction instead.
The phishing campaign against AMEX customers is comparable with the Netflix phishing campaign, as the message to the customer announcing that AMEX updated its system. As the email claimed that during the roll-out of their new system, the customer needs to update their information with AMEX. An .html file attachment comes with the email, and the customer is directed to open it on a browser. The HTML file is made to look like a legitimate customer-validation page for AMEX cardholders. Similar to the scheme used against Netflix customers, the form provided is not a legitimate one, but rather the information will be submitted to the phishers instead of AMEX.
All Internet users, especially those who deal with online services should make sure that they only enter information in a web form if it is encrypted. This can be identified with a padlock icon at the left side of the URL and an “https” preceding the domain name of the site, as this ensures that the connection is secure between you and the web service that requires information. Secondly, there is no such thing as information validation for a legitimate web service, be it Netflix, AMEX or others. During the initial sign-up, the user provided all the necessary information to the web service, and they will never ask for it again, as the information is already recorded in their customer database.
A level of skepticism is necessary so as not to fall for phishing attempts. Users need to ask themselves the question, why a random email asks for information that was already provided earlier.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.