Cyber security experts have warned Netflix users about a new phishing campaign that attempts to steal their credit card details.
The campaign, which was uncovered by researchers at FireEye, involves an email sent to victims that asks them to update their Netflix membership details.
If they click the link, they are sent to a phishing site that asks for their Netflix login credentials as well as their personal details and credit card information.
When victims have completed these forms, the site redirects them to the legitimate Netflix homepage in an effort to make the scam harder to detect.
The researchers also noted that the client-side HTML code was obfuscated with AES encryption to evade text-based detection and the phishing pages were configured in such a way that they would not be displayed at companies including Google and PhishTank.
In a blog post analysing the campaign, the security experts said the phishing sites they observed were no longer active at the time of writing.
Internet users must be constantly on the lookout for phishing campaigns, which attempt to trick them into handing over login details and other sensitive information.
At a roundtable in December, Verizon’s managing principal for investigative response Laurance Dine said increased user awareness is key to stopping such attacks.
“Awareness is the number one way that we can combat that kind of situation,” he said of these cyber criminal tactics. “That is where we are going. That is what we have got to do. We have got to make people aware: ‘Be careful and do not click on that link.'”
To help you avoid falling victim to phishing attacks, Business Reporter has compiled a list of the top five cyber criminal tactics to watch out for in your email inbox.
For more on the Netflix phishing scam, see the FireEye blog.