Security

Netflix Phishing Scam Targets Credit Card Data

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Unsuspecting users are directed to fake Netflix login pages and tricked into handing over personal details

Security resarchers discovered a phishing campaign primarily based in the US which is targeting the credit card data and other personal information of Netflix users.

The campaign mimics real Netflix web pages in order to trick unsuspecting users into handing over their personal information and multiple “evasion techniques” have been used by the attackers to avoid detection by phishing filters.

For example, the phishing pages are hosted on legitimate but compromised web servers and were not displayed to users from certain IP addresses where the DNS resolved to companies such as Google or PhishTank.

netflix-payment

Netflix scam

Writing on the FireEye blog, advanced malware researcher Mohammed Mohsin Dalla explains how the attack starts with an email notification asking users to update their account membership and includes a link directing recipients to a fake Netflix login page.

“Upon submitting their credentials, victims are then directed to webpages requesting additional membership details and payment information,” he says. “These websites also attempt to mimic authentic Netflix webpages and appear legitimate. Once the user has entered their information, they are taken to the legitimate Netflix homepage.

The campaign also uses AES encryption (Advanced Encryption Standard) to encode the content presented at the client’s side, leveraging code obfuscation to help evade text-based detection by preventing inspection of the webpage content.

“The PHP file is used to encrypt the webpages at the server side,” Dalla explains. “At the client side, the encrypted content is decoded using a defined function in the JavaScript file. Finally, the webpage is rendered using the ‘document.write’ function.”

Netflix finally completed an eight-year cloud migration project to AWS at the beginning of last year, shutting down its last data centre, but was also slammed by Greenpeace earlier this week for falling short on renewable energy commitments.

Quiz: What do you know about the past year in the world of tech?