Attackers take advantage of people using corporate email addresses for consumer services.
While this might seem like a fruitless endeavour at first — watching TV shows and films isn’t exactly a corporate activity — there’s a significant number of people who use their business email addresses to sign up for the consumer services which they use in their free time.
The campaign aims to trick people into giving up log-in information and credit card details. The idea is that a victim who reuses their password will have handed over a working credential for their corporate account along with the Netflix one, letting the attackers log in to the corporate network and potentially steal data from any services not locked with two-factor authentication.
There’s also the prospect of the attackers cross-referencing a successfully phished corporate account with personal emails and, if the same password is shared across multiple accounts, breaking into those too.
Uncovered by researchers at PhishMe, the emails claim to be from Netflix support. The message doesn't refer to the target by name, but just 'Valued Customer', indicating this is a mass mail attack rather than any sort of targeted campaign, and asks them to click through to a link to update their account details.
If the victim clicks through, they're presented with a fake version of the Netflix login page which looks to have simply copied assets from the real thing. This fake login page asks for an email address and password just as the regular Netflix page would, but anything entered here is passed straight into the hands of the attackers.
Stolen credentials can either be used by the attackers themselves, or sold to others to take advantage of.
Not content with stealing credentials, the attackers also direct the victim to a fake payment information page which says the user needs to update their details, including credit card number, security code, date of birth, zip code, and mother’s maiden name. That amount of information can easily allow hackers to carry out identity theft and fraud.
Once the information is submitted, the user is provided with a link back to Netflix itself — and may be left none the wiser that they’ve been scammed.
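The lure described above has two tells a mail gateway can check before anyone clicks: a generic salutation, and sender and link domains that do not belong to the brand the message claims to be from. The following is an added example (not PhishMe's analysis, and not code from the original article) that runs those checks over two constructed messages; the brand-to-domain table, the greeting list and the corporate domain set are assumptions standing in for whatever an organisation would maintain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (assumption): they imitate the lure the article
# describes and a benign account notice; neither is the real captured email.
SAMPLE_PHISH = """From: Netflix Support <support@mailer.example.net>
To: employee@corp.example
Subject: Update your account details
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Valued Customer,</p>
<p>We were unable to validate your billing information. Please
<a href="http://netflix-account-update.example.net/login">click here</a>
to update your account details.</p>
</body></html>
"""

SAMPLE_LEGIT = """From: Netflix <info@account.netflix.com>
To: employee@corp.example
Subject: Your Netflix membership
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hi Alex,</p>
<p>Manage your plan any time at
<a href="https://www.netflix.com/YourAccount">your account page</a>.</p>
</body></html>
"""

# Brands we vet, mapped to the domains their genuine mail and links use (assumption).
BRAND_DOMAINS = {"netflix": ("netflix.com",)}
# Mass-mail salutations; a genuine account notice addresses the customer by name.
GENERIC_GREETINGS = ("valued customer", "dear customer", "dear user", "dear member")
# Our own mail domains (assumption), used to spot consumer-brand mail hitting work mailboxes.
CORPORATE_DOMAINS = {"corp.example"}


def host_matches(host, allowed):
    """True if host is the allowed domain or a subdomain of it."""
    host = host.lower()
    return host == allowed or host.endswith("." + allowed)


def message_body(msg):
    """Return the first text part of the message, decoded to str."""
    part = next((p for p in msg.walk()
                 if p.get_content_type() in ("text/html", "text/plain")), None)
    if part is None:
        return ""
    raw = part.get_payload(decode=True) or b""
    return raw.decode(part.get_content_charset() or "utf-8", errors="replace")


def analyse(raw_message):
    """Score one RFC 822 message for the indicators the Netflix lure exhibits."""
    msg = message_from_string(raw_message)
    body = message_body(msg)
    header_text = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    # The brand the message claims to be from, taken from the display name/subject.
    claimed = next((b for b in BRAND_DOMAINS if b in header_text), None)
    indicators = []

    if any(g in body.lower() for g in GENERIC_GREETINGS):
        indicators.append("generic_greeting")

    if claimed:
        allowed = BRAND_DOMAINS[claimed]
        # The display name is trivially forged; check where the address really points.
        _, sender = parseaddr(msg.get("From", ""))
        sender_host = sender.rpartition("@")[2]
        if not any(host_matches(sender_host, d) for d in allowed):
            indicators.append("sender_domain_mismatch:" + sender_host)
        # Every link must resolve to the brand's own domain, not a look-alike.
        for url in re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I):
            host = urlparse(url).hostname or ""
            if not any(host_matches(host, d) for d in allowed):
                indicators.append("link_domain_mismatch:" + host)

    # Informational: consumer-brand mail reaching a work address shows the
    # employee registered with it, which is the exposure the article describes.
    _, rcpt = parseaddr(msg.get("To", ""))
    work_mailbox = rcpt.rpartition("@")[2].lower() in CORPORATE_DOMAINS

    return {"claimed_brand": claimed, "indicators": indicators,
            "work_mailbox": work_mailbox}


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(sample))
```

The benign message produces no indicators even though it also lands on a work mailbox, which is why that signal is reported separately rather than counted as suspicious: it says something about the recipient's habits, not about the sender. The domain table is the weak point of any such heuristic, since some brands send through third-party mailers, so keep it maintained and treat a mismatch as grounds for review rather than an automatic block.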
Netflix itself warns users to be 'cautious of fake emails that may be phishing emails', but more often than not people will click straight through to a link if the email looks like it came from the company.
Those behind the scheme appear to be adept at carrying out phishing campaigns. Researchers note that the email address associated with it has been recorded in five different phishing campaigns since June, targeting customers of Chase Bank, Comcast, Netflix, TD Bank, and Wells Fargo.
As a global platform with millions of paying subscribers, Netflix has long been a target for phishing scams, with the first known instance of such an attack against a user of the service occurring in 2012.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains, including finance, healthcare and consumer products.