Your Netflix Account Requires Validation [NVF-837] is an attempt to get access to your Netflix account. We are used to “traditional” phishing attempts, where the bad guys want access to your bank account or credit card to steal money. Or they want email details or website logins so they can use your identity to spread malware or continue phishing. But this is only the second time that I have seen a Netflix one. The previous one was some months ago.
With the increasing popularity of online streaming services, we will see many more of this type of attack. I assume that either the phishers will try to use the logins themselves or, more likely, sell the details for much less than a legitimate subscription would cost, along with stealing your bank and credit card details and your personal details, including email address.
The phishing website in this example is named so closely to the genuine Netflix site that almost anybody could be fooled by it.
Update 13 August 2014: Today’s phishing site is http://netflix.co.uk.account.validation-823974376.srv-id.co.uk/email_identifier=71a605276e146b93e52b0c1bfb98ade285c337b0a6b7e5f3f560fd5bb11f1d1c/0aed33d6975a495624473c86a320e834/Login.htm
Update 29 August 2014: Today’s phishing site is http://netflix.co.uk.account.validation-9247424908.netflix-ssl.net/email_identifier=71a605276e146b93e52b0c1bfb98ade285c337b0a6b7e5f3f560fd5bb11f1d1c/7c656ec47915a60d6cf57c58456065ba/Login.php
To most people the site looks like Netflix.co.uk, BUT what you should be looking at is the last co.uk or .net before the first / that follows the http:// prefix. That shows you that the real site you are being sent to is srv-id.co.uk or netflix-ssl.net and not Netflix at all.
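The check described above, written out as code. This is an added example, not part of the original post: it finds the domain that really controls a link and flags hosts that only contain the brand name. The short suffix set (a stand-in for the full Public Suffix List), the BRAND_DOMAINS table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this page's
# URLs. Real tooling should load the full list from publicsuffix.org.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk"}

# Assumption: the domains the brand really uses (illustrative, not exhaustive).
BRAND_DOMAINS = {"netflix": {"netflix.com"}}


def registrable_domain(url):
    """Return the domain that actually controls the host, or None if unknown."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Try the longest candidate suffix first so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # One label to the left of the suffix is the registered name.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # IP literal or a suffix missing from the sample list


def check_link(url, brand="netflix"):
    """Classify a link as 'genuine', 'lookalike' or 'unrelated' for one brand."""
    domain = registrable_domain(url)
    host = (urlsplit(url).hostname or "").lower()
    if domain in BRAND_DOMAINS[brand]:
        return domain, "genuine"
    if brand in host:
        # Brand name appears in the host, but someone else owns the domain.
        return domain, "lookalike"
    return domain, "unrelated"


# The two hosts from this page (paths shortened) plus constructed comparisons.
SAMPLES = [
    "http://netflix.co.uk.account.validation-823974376.srv-id.co.uk/Login.htm",
    "http://netflix.co.uk.account.validation-9247424908.netflix-ssl.net/Login.php",
    "https://www.netflix.com/login",
    "http://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_link(url), url)
```

Everything to the left of the registered name is chosen freely by whoever owns that domain, which is why "netflix.co.uk" at the start of the host proves nothing.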
In the unlikely event that you do fall for this or any other similar phishing attempt, you MUST contact your bank and credit card issuer immediately and get a stop put on the cards/bank account and have new cards issued. Then report the attack to Action Fraud, which is the online reporting system for the UK police that deals with fraud or scams on a national or international basis.
The email looks like this:
Dear Customer,
We recently failed to validate your payment information we hold on record for your account, therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details.
Click here to verify your account
Failure to complete the validation process will result in a suspension of your netflix membership.
We take every step needed to automatically validate our users, unfortunately in this case we were unable to verify your details. The process will only take a couple of minutes and will allow us to maintain our high standard of account security.
Netflix Support Team
This message was mailed automatically by Netflix during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted.
Following the link in this “Your Netflix Account Requires Validation” email or other spoofed emails takes you to a website that looks exactly like the real Netflix site. You are then taken through loads of steps to input a lot of private and personal information, including billing address and date of birth, and then to an update payment page, where they want credit card and bank details. Not only will this information enable them to use your Netflix account, but also your bank account, credit card details, email details and webspace (if you have it). They then want enough information to completely impersonate you and your identity, not only in cyberspace but in real life.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected or having your details stolen by this sort of socially engineered malware.
All of these emails use social engineering tricks to persuade you to open the attachments that come with the email or follow links in them. It might be a message saying “look at this picture of me I took last night” that appears to come from a friend, or one more targeted at somebody who is likely to regularly receive PDF attachments, Word .doc attachments or any other common file that you use every day. Or it might be a straightforward attempt, like this one, to steal your personal, bank, credit card or email and social networking login details. Be very careful when unzipping attachments, make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE, .SCR or .COM then it is a problem and should not be run or opened.