Netflix’s popularity continues to grow fast, and they recently launched their streaming service globally. Obviously that makes them a hacker target. At the moment, there are active malware and phishing campaigns targeting Netflix users. The operations are fairly sophisticated, so it is likely this is the work of an Eastern European cybermafia.
Some of the campaigns are dropping actual malware on the box, others phish for the user's login and/or payment information and sell these on the dark web. All of the campaigns start with some form of social engineering.
In the case of malware, users infect their machine at the moment where they are tricked into acting on a fake ad for a cheaper version of Netflix. Once installed, the malware poses as Netflix and compromises the system with a Trojan.
Symantec researchers wrote about one good example of credentials-phishing that targets Danish Netflix users. A fake email tried to trick them into updating their account due to a payment issue, mistakenly sending their bank details directly into the hands of cyber scammers.
I suggest you send the following to your employees, friends and family:
"Cybercriminals are targeting Netflix users with several scams you need to watch out for. Some of these scams claim you need to update your payment information, and others try to trick you into downloading software for a cheaper version of Netflix. Do not fall victim for any of these tricks.
Only download Netflix software from the Netflix website or official app stores, and always go to these websites yourself instead of clicking on a link in an email. Also, if you receive an email that looks like it is from Netflix, and claim you need to update payment information, do not click on any links or open any attachments. Go to the Netflix website yourself using your browser and check your account. Call their customer service if you want to be 100% sure, using the 800 number you found on their website."
For KnowBe4 customers, send your users a phishing security test to inoculate them against Netflix scams. You can find the template in Phishing -> Email Templates -> System Templates -> Current Events -> "Netflix Alerts: Your payment was declined". This template has a difficulty rating of 4 out of 5.
Let's stay safe out there.
Founder and CEO, KnowBe4, Inc.