FireEye, a security company explains that the attack campaign begins when a Netflix subscriber receives a notification asking them to update their membership. The notification includes a link that takes them to a fake Netflix login page.
Upon signing in, a new page pops up and asks the member to validate several pieces of personal information including their name, date of birth, and place of residence. The scam then asks the user to enter in their Social Security Number and payment card details.
Once the user has submitted all of their credentials, the campaign will direct them back to the real Netflix homepage.Netflix, which instituted a password reset in June 2016 following several of the years mega-breaches, recommends users learn how to protect themselves by visiting https://www.netflix.com/security, where they will be reminded that Netflix never asks for personal information via email.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now