Check Point Email Security | Blog

Netflix and Steal: New Attack Targets Streaming Credentials and Payment Info

Written by Jeremy Fuchs | September 16, 2020

If you're like most people over the six months, you've spent a lot of time watching and binging shows on Netflix.

Hackers are doing the same and they know you are too—which is why they're targeting your credentials and payment information.

The Attack: Avanan researchers discovered a new phishing email that looks like this: 

If you were to click on the "Update Account Now" link, you would be taken to a Blogspot page that uses the Netflix name and would have you enter your credentials and enter your credit card details.

We stopped this attack because it hit a few key indicators:

  • It was hosted on a Blogspot page
  • The domain name was unusually old
  • The nickname in the email said "Nelflix"

Though Avanan stopped this attack, it passed by Microsoft ATP scanners.

Why it Matters: As users continue to expand their online footprint, it provides more opportunities for credential harvesting attacks. Already, credential harvesting is rising. According to the Verizon Data Breach Investigation Report, 37% of breaches stole or used credentials. Further, over 80% of breaches within hacking use lost or stolen credentials. And though this attack originated over email, as we've written before about SiteCloak Phishing, the battleground has expanded from the inbox to the web. End users have to be cognizant of every email and link they receive, especially from brands that they use. Even if it looks like it's from Netflix, it might not be.