Netflix is one of the most popular video streaming platforms in the world, with over 200 million paying subscribers. The large number of subscribers has attracted threat groups that are looking to score with a social engineering campaign.

Scammers send phishing emails that try to convince Netflix users that their account is somehow in jeopardy, and that rectifying the situation requires them to update their credit card details and other personally identifiable information (PII).


HTML Phishing Method Preferred

An instance of this phishing attack was discovered in August, with a twist on the usual phishing plot. The PII was harvested through malicious HTML attachments compressed into zip files. To cover the malware's tracks, the malicious site is hosted on the victim's computer instead of the internet. Because the page is not hosted on the internet, standard URL reputation checks are avoided and the phishing attack can go undetected.

According to Cybernews, the attackers would also use spoofed email addresses to make it look as if the emails came from Netflix's actual domain, impersonating the brand. The emails were sent through an abused mail server controlled by a university in Peru. The email would say that Netflix was unable to collect payment because the payment method was no longer valid or had expired, and that to resolve the issue the user would have to update their payment method. The only attachment in the email would be the aforementioned zip file, which once clicked would unzip an HTML file that builds a page to harvest the user's PII.

How to Prevent Future Phishing Attempts?

Scams aren't as easy to spot nowadays as they were a few years ago. Typos, dodgy logos, strange choices of words, or suspicious URLs aren't as common as they used to be. Today, phishing attacks like this one do a good job of impersonating businesses, and the signs of potential malware are so well hidden that they would be hard to spot even for some professionals. To make sure you stay protected on the internet, take into consideration the following recommendations:

  • Pay attention when downloading email attachments, especially zip files as their content cannot be previewed;
  • Hover over URLs before clicking them and check if they are leading you towards a website or a local file;
  • Disable pop-ups and macro attachments, as they are very often used to deliver phishing attacks;
  • Use a strong antivirus solution that can scan for any trace of malicious code injection and get rid of it, such as Heimdal® Next-Gen Antivirus Home.
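
The check on zipped attachments can also be automated at a mail gateway. The Python below is an added example, not code from the article, Cybernews or Heimdal: it opens zip attachments in a raw message and flags HTML members that contain form fields, the delivery method described above. The function names, the 2 MB member limit and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

HTML_EXT = (".html", ".htm", ".xhtml", ".shtml")
SKIP_TYPES = ("hidden", "submit", "button")  # inputs that collect no user data
MAX_MEMBER = 2 * 1024 * 1024  # assumption: ignore larger members (zip-bomb guard)

class FormFinder(HTMLParser):
    """Counts <form> tags and data-entry <input> fields in one HTML document."""
    def __init__(self):
        super().__init__()
        self.forms = self.inputs = 0

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.forms += 1
        elif tag == "input" and (dict(attrs).get("type") or "text").lower() not in SKIP_TYPES:
            self.inputs += 1

def scan_message(raw: bytes) -> list:
    """Return (zip name, member name, input count) for each zipped HTML form."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(HTML_EXT) or info.file_size > MAX_MEMBER:
                    continue
                finder = FormFinder()
                finder.feed(zf.read(info).decode("utf-8", errors="replace"))
                if finder.forms or finder.inputs:
                    findings.append((part.get_filename(), info.filename, finder.inputs))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a message carrying a zip with one HTML form inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update.html", '<form><input name="card"><input type="password" name="cvv"></form>')
    msg = EmailMessage()
    msg["Subject"] = "Payment method expired (constructed sample)"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Static tag counting misses pages that assemble their form with script at load time, so a gateway would normally treat any zipped HTML from an external sender as worth quarantining for review.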
