Security company FireEye detected a new wave of attacks aimed at Netflix users, with cybercriminals now turning to phishing schemes in order to steal their personal information, including credit card data, social security numbers, and other details.
Although it seems that the attacks have been suspended, Netflix users in the United States should always keep an eye on emails that arrive in their inbox, as hackers are using compromised legitimate servers to create phishing pages that look real.
FireEye says that, in most cases, the client-side HTML code was obfuscated with AES encryption to evade text-based detection, while the phishing pages were not displayed to users with certain IP addresses if the DNS resolved to companies such as Google.
“The phishing kit uses techniques to evade phishing filters. One technique is the use of AES encryption to encode the content presented at the client’s side. The purpose of using this technique is code obfuscation, which helps to evade text-based detection. By obfuscating the webpage, attackers try to deceive text-based classifiers and prevent them from inspecting webpage content,” FireEye explains.
The email notification calls for users to update their Netflix membership, and after clicking, they are prompted to input billing information, names, social security numbers, and credit card data.
Once these details are provided by the unsuspecting user, they are automatically sent to the attacker with the PHP mail utility, according to the security company.
Of course, the easiest way to remain secure is to avoid clicking on links that arrive in your inbox and leading to websites that you don’t trust. Since the emails seem to be coming from Netflix, it might be difficult to determine whether they’re fake or not, but as general recommendation, do not input your information on a website other than Netflix.
If you think that your account got hacked or in case you entered your personal details on what you believe to be a phishing page, you need to contact Netflix and your bank as soon as possible.