Threat Watch

New Netflix Attack Hides Behind Working CAPTCHA

A new wave of phishing attacks is attempting to steal payment data and login credentials from Netflix subscribers, according to Bleeping Computer. The attack originated with a “failed payment” lure in phishing email messages that redirected to a functioning CAPTCHA page to bypass email security controls. The address the email is sent from, Netfiix[@]csupport[.]co, is designed to impersonate the Netflix customer support team. The link takes the victim to a phishing page that is used to trick people into entering their credentials. After the victim enters their credentials, they are taken to another page to enter their payment data which is also captured by the attackers. None of the links on the page will take the victim to any other pages. Although the phishing website is a convincing mirror of the Netflix website, the URL in the browser is a clear indication that it is not the actual Netflix page.

ANALYST NOTES

Any time an email is received that claims that a payment failed, the receiver should be vigilant in making sure the email is legitimate before clicking any links. In this case, looking at the sender is an indication that it did not come from Netflix; the domain name in the URL, axxisgeo[.]com, provides another confirmation that the email is a fraud because it is not owned by Netflix. The attackers have hidden the phishing page behind a legitimate CAPTCHA page, which is causing some security solutions to fail at detecting the email as phishing.

More can be read here: https://www.bleepingcomputer.com/news/security/netflix-credential-phishing-hides-behind-working-captcha/