New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Fake Netflix Phishing Emails

A new phishing email asking users to update their payment information on Netflix has been making the rounds since the 29th of October in a bid to harvest users’ credit card data, according to MailGuard. The email, which contains the Netflix logo, informs customers that a change has been “noticed” in their Netflix account, and they are advised to update their payment information immediately, with a link provided to do so. “This is also a phishing page designed to harvest confidential payment data of users,” MailGuard stated. But while it may look legitimate on the surface, MailGuard stated there are some pretty clear red flags. “There are several grammatical and spelling errors within the body, such as “update payment information to Netflix.” Spacing errors are also present throughout the email, a trait that is not likely to be present if the email was being sent from a well-established organization such as Netflix.

Analyst Notes

When receiving any email that mentions or asks about sensitive payment information, recipients must verify that the sender is the actual company that they are subscribed to. Looking at the sender’s email address is a great indicator to determine if the sender is legitimate or not. Large corporations, such as Netflix, spend large amounts of time and money in making sure that their information is as professional as possible so if a person sees any type of grammatical error then the email is most likely not from the actual company and should be deleted.