Any popular platform is an attractive target for phishers, and with more than 167 million subscribers worldwide, the Netflix streaming service certainly falls into that category. While Netflix may not seem a key target for phishers, a successful attack could give scammers access to credit card and banking information.

Netflix phishing scams are common, so it is not unusual to see yet another scam launched, but one of the latest uses a novel tactic to evade security solutions. By incorporating a CAPTCHA challenge, it is harder for security solutions to access the phishing websites and identify their malicious nature.

This Netflix phishing scam starts with an email like many other Netflix scams that precede it. The emails appear to have been sent from the Netflix customer support team and advise the recipient there has been a problem with billing for the latest monthly payment. As a result, the subscription will be suspended in the next 24 hours.

The Netflix user is provided with a link to click and they are told they need to update their information on file. The emails also include a link to unsubscribe and manage communication preferences, although they do not work.

As with most phishing scams there is urgency and a threat. Update your information within 24 hours or you will lose access to the service. Clicking the link will direct the user to a fully functioning CAPTCHA page, where they are required to go through the standard CAPTCHA checks to verify they are not a bot. If the CAPTCHA challenge is passed, the user will be directed to a hijacked domain where they are presented with the standard Netflix sign-in page.

They must sign-in, then they are asked to enter their billing address, along with their full name and date of birth, followed by a second page where they are asked for their card number, expiry date, CVV code, and optional fields for their bank sort code, account number, and bank name. If the information is entered, they are told that they have correctly verified their information and they will be redirected to the real Netflix page, most likely unaware that they have given highly sensitive information to the scammers.

Anti-Phishing Demo
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo

There have been many Netflix phishing emails intercepted over the past few months claiming accounts have been put on hold due to problems with payments. The emails are convincing and very closely resemble the emails sent out regularly by Netflix to service subscribers. The emails feature the Netflix logo, correct color schemes, and direct the recipients to very realistic looking login pages.

What all of these emails have in common is they link to a domain other than Netflix.com. If you receive an email from Netflix, especially one that contains some sort of warning or threat, login to the site by typing the correct domain into the address bar and always make sure you are on the correct website before entering any sensitive information.