Emerging over the weekend, two currently active massive phishing campaigns have been seen targeting American Express and Netflix users. The campaigns attempt to obtain personal information, payment details, login information, and Social Security information. Both campaigns are set up very similarly. As for Netflix, users will receive an email with a subject line stating something like, “Your account is on hold because of a problem with your last payment.” The email urges customers to update the information and it also includes an attached form which ask users to add information such as first and last names, email addresses, Social Security numbers, dates of birth, addresses, credit card numbers, expiration dates, bank names, PIN numbers, and security codes. The AMEX email contains a generic, “Notice Concerning your CardMember Account” subject line. The request is similar to that of the Netflix email and it also contains a downloadable legit-looking form for the user to fill out. The information that is asked for is slightly different, however. This form requests user ID and passwords, mother’s maiden name, mother’s date of birth and place of birth, security PIN numbers, email addresses and passwords, as well as credit card numbers, expiration dates, PIN numbers, and security codes. The source of these campaigns is unknown, but more information should be released as investigations are carried out.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is