Threat Intel Flash: Diving into Hidden Scheduled Tasks 

Get the Latest


Phishing Campaigns Targeting Netflix and AMEX

Emerging over the weekend, two currently active massive phishing campaigns have been seen targeting American Express and Netflix users. The campaigns attempt to obtain personal information, payment details, login information, and Social Security information. Both campaigns are set up very similarly. As for Netflix, users will receive an email with a subject line stating something like, “Your account is on hold because of a problem with your last payment.” The email urges customers to update the information and it also includes an attached form which ask users to add information such as first and last names, email addresses, Social Security numbers, dates of birth, addresses, credit card numbers, expiration dates, bank names, PIN numbers, and security codes. The AMEX email contains a generic, “Notice Concerning your CardMember Account” subject line. The request is similar to that of the Netflix email and it also contains a downloadable legit-looking form for the user to fill out. The information that is asked for is slightly different, however. This form requests user ID and passwords, mother’s maiden name, mother’s date of birth and place of birth, security PIN numbers, email addresses and passwords, as well as credit card numbers, expiration dates, PIN numbers, and security codes. The source of these campaigns is unknown, but more information should be released as investigations are carried out.

Analyst Notes

If users happen to fall for the requests and fill out the forms, credit card bureaus and the social security agencies should be contacted immediately and fraud notices should be placed on the accounts. It is always safe to reach out to the supposed company that is requesting the information when emails of this nature are received. Doing so will help verify the legitimacy and users will be able to know that they should not follow through with filling out the attached forms.