The days of ugly-looking phish pages hosted on something akin to a Geocities page are slowly receding into the distance. For quite some time now, phish attacks have made attempts to look fairly sophisticated and stand a decent chance of fooling anyone not keeping their guard up.
Today, we have a good example of this with a Netflix phish currently in circulation and (potentially) dropping into a mailbox near you. Netflix is a frequent target of all manner of scams, and is a popular go-to for phishers.
Here’s the email that kickstarts the process:
Apart from the clunky typo in the small print, this is a fairly convincing email scam, combining someone who knows how to make an email not look terrible with the imminent threat of losing access. Having said that, you’ll notice the mail system above flagged it as suspicious anyway. This isn’t the case for all email clients, however, and one shouldn’t assume nothing slips through the cracks. The destination site, located at login(dot)netflix-activate(dot)com, appropriates a standard, no-frills Netflix login screen.
The phish itself consists of a grab for personal information including name, address, phone number, and date of birth. After that, they try and swipe payment information, asking for the name as written on the card, card number, expiry date, security code, and even a cheap grab at a security question answer for good measure.
These emails follow a similar format as the Apple phishes in February, and indeed quite a few others going around at the moment (also Apple-centric, so constant service-related vigilance is the order of the day). Phishing emails won’t be going away anytime soon, and the people behind them keep striving to make their fake-outs ever more believable. It’s up to us to do what we can, and consign their sneaky missives to the recycle bin. Your bank account will thank you for it.