Netflix Users Under Attack As Hackers Try to Steal Credit Card Info

Security company FireEye detected a new wave of attacks aimed at Netflix users, with cybercriminals now turning to phishing schemes in order to steal their personal information, including credit card data, social security numbers, and other details.
Although it seems that the attacks have been suspended, Netflix users in the United States should always keep an eye on emails that arrive in their inbox, as hackers are using compromised legitimate servers to create phishing pages that look real.
FireEye says that, in most cases, the client-side HTML code was obfuscated with AES encryption to evade text-based detection, while the phishing pages were not displayed to users with certain IP addresses if the DNS resolved to companies such as Google.
“The phishing kit uses techniques to evade phishing filters. One technique is the use of AES encryption to encode the content presented at the client’s side.  The purpose of using this technique is code obfuscation, which helps to evade text-based detection. By obfuscating the webpage, attackers try to deceive text-based classifiers and prevent them from inspecting webpage content,” FireEye explains.
The email notification calls for users to update their Netflix membership, and after clicking, they are prompted to input billing information, names, social security numbers, and credit card data.
平煤股份(601666)融资融券信息(01-10)
云安全与IT消费化的关联,的确,云计算、移动应用等带来了计算环境的大变化,要适应新环境,安全管理架构需要重建,必须建立以商业流程和数据为中心的保护机制。
Once these details are provided by the unsuspecting user, they are automatically sent to the attacker with the PHP mail utility, according to the security company.

Of course, the easiest way to remain secure is to avoid clicking on links that arrive in your inbox and leading to websites that you don’t trust. Since the emails seem to be coming from Netflix, it might be difficult to determine whether they’re fake or not, but as general recommendation, do not input your information on a website other than Netflix.
If you think that your account got hacked or in case you entered your personal details on what you believe to be a phishing page, you need to contact Netflix and your bank as soon as possible.
不要轻信中奖类信息,侥幸心理最要不得;不要登录钓鱼网站,尤其是要求填写个人信息的中奖网站;而曾经受骗的网友,应直接将该类网站曝光,提醒其他人,让更多无辜的人避免损失。

猜您喜欢

信息安全知识测验
EHS工作“管理要借力”
网络安全宣传动漫——在外工作时保护资产防窃
C罗:我已经缔造足坛历史奖杯数量能说明一切
GAMEDASHI ANTIVIRUS-HELPLINE
安全意识渗透测试