Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Blog Directory  >  Technology Blogs  >  Netflix Phishing Campaign Targets Users technology Blog  > 

Netflix Phishing Campaign Targets Users Blog
Recently, researchers of SANS Technology Institute warn about a new Netflix phishing scam which leads victims to sites with the valid Transport Layer Security (TLS) certificates. On Wednesday, the Johannes Ullrich, dean of researchers at the SANS Technology Institute, said that there had been an upmark in the Netflix phishing emails scam by using the TLS-certified sites. Johannes Ullrich also added some bad actors behind the phishing attacks would take benefits of unpatched plugins or installs, or by using the weak passwords, only to compromise common-suspect CMS software, like Drupal or WordPress. From there, they can easily create some phishing sites that might be mistaken for the real Netflix domains. In some instances, they are using wildcard DNS records. The researcher also said on the blog post, with the use of a wildcard DNS record, * will point directly to the similar IP address. The attackers will use a hostname/subdomain to start the attacks. But the researcher has also seen them by using some specific domain names which are registered for the phish. However, the attacker can obtain a TLS certificate for a hostname which is related to Netflix, like or; it helps the site in escaping being flagged by safe-browser software. Ullrich also said that the initial spoofed emails are the weakest part of the campaign, and it is very easy to spot. He also added their words on a blog post that the email was marked as spamming, and is not worded that well. In this case, the link went to the hxxps://; this domain registered only to impersonate Netflix. This type of domains is no longer resolves. After clicking on the given link, Ullrich found that the websites will appear authentic and seem similar to the real Netflix, he said that there is only one modification which he can spot is that the alternative login methods like Facebook are missing. Whereas the Netflix accounts are not particularly important, but the Ullrich said that he had seen them to offered $0.20-0.50 per account, the attack might be tempting to cyber-criminals as it can be easily automated and also very hard for the victims to spot. If a Netflix account is compromised, then it can frequently be used for a long time undetected as Netflix allows the multiple simultaneous streams for its standard and the premium accounts, said by Ullrich in their blog post. Unless the genuine user gets ‘kicked off’ for using too many streams, the reasonable user will never know that there is someone else who is using their account.” Over the years, the technique of using the TLS for phishing attacks has been considerably increased; last year, Zscaler said that they saw 400 percent boost in phishing attempts which delivered with SSL/TLS over 2016. Deepen Desai, the director of security research at Zscaler said in a post about the drastic increase in the percentage; some hackers are posting phishing pages on valid domains that they have compromised. Many of these legitimate sites was supporting the SSL/TLS, and there are few network security solutions which can support the inspection of encrypted packets at scale. However, Ullrich also mention in their post that ultimately the bad actor could have made a mistake by using TLS; as it is easy for Netflix or even for others to find the sites through the certificate transparency logs easily; and he doubts that many of the users would notice if the site did not use TLS. Though the Netflix phishing campaigns have been continuing for years, but on a recent new range of fake email and some malicious links appear to have cropped up, with a variety of law enforcement advice citizens to be lookout for the scams. A wave of police forces in Canada, for instance, has recently warned the public of a phishing scam that engages bad actors to impersonate Netflix to acquire victims banking information
2018-11-13 12:55
If you feel uncomfortable with the idea of staying around old voice recordings, we present you a simple way to clear the data on your Alexa devices to help you be relaxed. Clearing Alexa His… Read More
2018-10-30 12:28
Despite being a hardcore device, the GoPro camera has been found to have a soft spot in it. The camera can capture the high-quality videos in rough conditions and the sportspersons love to c… Read More

Share the post

Netflix Phishing Campaign Targets Users


Subscribe to Netflix Phishing Campaign Targets Users

Get updates delivered right to your inbox!

Thank you for your subscription