If you’ve found yourself bingeing on a Netflix television show like Orange Is The New Black or Narcos, you’ll want to be on the lookout for a new email phishing scam targeting Netflix customers.
A fraudulent email that imitates Netflix’s brand has been impacting Netflix subscribers, warning them that their account has been suspended due to payment issues. An embedded link in the email then takes victims to a phishing page where their financial details are stolen by hackers.
The phishing email was originally sent to users from the domain “firstname.lastname@example.org,” but it’s important to note that cybercriminals have likely already changed tactics.
This is not the first time Netflix customers have been hit with a phishing scam, and it is not likely to be the last. Many of the same brands are repeatedly hit by phishing scams, according to a recent report from security company RiskIQ.
Software providers and healthcare companies are regularly on the top-10 most-phished brands list, according to the study, suggesting that hackers have preferred corporate targets they repeatedly attack. Financial services and consumer electronics providers are also often targeted due to the sensitive information they collect. The same consumer electronics provider was one of the top-two most phished brands in the first and second quarters, according to RiskIQ.
There is a lesson here for both email users and email marketers: lightning does strike twice in phishing. Consumers need to be actively aware when checking their inbox, and should never open any suspicious emails. It is important to double-check the domain name being used to ensure that it is a verified brand account.
Brands should also be aware of the security and financial implications of phishing scams, and should never be lulled into a false sense of security by thinking that, just because they’ve already been attacked, they won’t be attacked again.