Since the era of remote work began, the internet has been flooded with phishing attacks. Most cyberattacks begin with phishing, followed by stealthy malware deployment and lateral movement to infect further systems.

One recent example is a phishing campaign targeting Netflix users, which aims to steal Netflix credentials and the payment card details associated with users’ accounts.

The hackers’ plan of attack

In this particular attack, malicious actors manipulate victims into believing their Netflix subscription payment was not successful. The email is designed to look like it’s from the Netflix Customer Support team (netflix@csupport.co).

Victims are sent a phishing email that leads to a page specially crafted to look like a Netflix login page; they’re then taken through a payment form that asks for their address and payment card details. Once the victim has shared their payment information, a success message is shown to close out the process without raising suspicion.

Researchers at Armorblox, a company that combats email attacks, identified the redirection chain in the phishing email. The attackers redirect victims to a CAPTCHA page to make the renewal process look more legitimate and to evade email security solutions.

If this phishing attempt succeeds, the attackers obtain the user's personal data: their card number (along with its expiration date and CVV), bank account number, physical address, and Netflix password.

How to detect this phishing attempt

Users should be aware of phishing procedures and always go through the checklist below before following the requests listed in an email that appears to be from Netflix:

  • Verify the sender’s email address.
  • Check for prior communication with that email address.
  • Check for a sense of urgency in the sender’s tone.
  • Check whether the domain in the link matches the sender’s domain.
  • Verify that the domain of the landing page belongs to Netflix.
  • When in doubt, always try opening a new Netflix login page window and starting the payment process from there.
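To make the checklist concrete, here is an added example (my own code, not part of the original post or of any ManageEngine product) that runs the sender-domain, link-domain and urgency checks over a raw .eml message. The sample message is constructed: its sender address is the one quoted above, while the link host, the allowlisted domain netflix.com and the urgency phrases are assumptions.

```python
import email
import email.policy
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the campaign described above. The sender
# address is the one quoted in the post; the link host is a placeholder.
SAMPLE_EML = """\
From: Netflix Customer Support <netflix@csupport.co>
To: user@example.com
Subject: Your payment was declined - update now
Content-Type: text/html

<p>We could not process your payment. Please update your details within 24 hours:
<a href="https://renew-billing.example/captcha">Update payment</a></p>
"""

LEGIT_DOMAINS = {"netflix.com"}  # assumption: the only domain expected for sender and links
URGENCY_CUES = ("immediately", "within 24 hours", "declined", "suspended", "act now")

def registrable_domain(host):
    """Last two DNS labels; a real deployment would consult a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def assess(raw_eml):
    """Apply the checklist to one message and return the outcome of each check."""
    msg = email.message_from_string(raw_eml, policy=email.policy.default)
    sender = parseaddr(str(msg["From"] or ""))[1]
    sender_domain = registrable_domain(sender.rpartition("@")[2])
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    hrefs = re.findall(r'href=["\']([^"\']+)', body, re.IGNORECASE)
    link_domains = [registrable_domain(urlparse(u).hostname or "") for u in hrefs]
    text = f"{msg['Subject'] or ''} {body}".lower()
    return {
        "sender_domain": sender_domain,
        "sender_ok": sender_domain in LEGIT_DOMAINS,                         # sender check
        "link_domains": link_domains,
        "links_match_sender": all(d == sender_domain for d in link_domains), # link vs sender
        "links_on_netflix": all(d in LEGIT_DOMAINS for d in link_domains),   # landing-page domain
        "urgency": [cue for cue in URGENCY_CUES if cue in text],             # tone check
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

A message that fails the sender or link checks, or lands outside the allowlist, is one to hold for review rather than act on.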

Not all phishing emails can be detected; a few, like this CAPTCHA redirect technique, can get past email security policies.

How can ManageEngine assist?

Although phishing is difficult to detect and prevent, whitelisting domains and websites can reduce the chance of your users becoming victims of a cyberattack. ManageEngine Browser Security Plus is free for 25 devices, and its browser lockdown feature can help combat phishing attacks by restricting devices to IT-approved websites and applications.