FireEye, a security company explains that the attack campaign begins when a Netflix subscriber receives a notification asking them to update their membership. The notification includes a link that takes them to a fake Netflix login page.
Upon "signing in," a new page pops up and asks the member to validate several pieces of personal information including their name, date of birth, and place of residence. The scam then asks the user to enter in their Social Security Number and payment card details.
Once the user has submitted all of their credentials, the campaign will direct them back to the real Netflix homepage.
Netflix, which instituted a password reset in June 2016 following several of the year's mega-breaches, recommends users learn how to protect themselves by visiting https://www.netflix.com/security, where they will be reminded that Netflix never asks for personal information via email.
The Paypers. All rights reserved. No part of this site can be reproduced
without explicit permission of The Paypers(V2.3).