A new wave of phishing attacks is attempting to steal payment data and login credentials from Netflix subscribers, according to Bleeping Computer. The attack originated with a “failed payment” lure in phishing email messages that redirected to a functioning CAPTCHA page to bypass email security controls. The address the email is sent from, Netfiix[@]csupport[.]co, is designed to impersonate the Netflix customer support team. The link takes the victim to a phishing page that is used to trick people into entering their credentials. After the victim enters their credentials, they are taken to another page to enter their payment data which is also captured by the attackers. None of the links on the page will take the victim to any other pages. Although the phishing website is a convincing mirror of the Netflix website, the URL in the browser is a clear indication that it is not the actual Netflix page.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in