A Netflix-themed phishing scam has claimed $40,000 from victims in Singapore. Victims first receive an e-mail purportedly from Netflix, claiming that issues with payment or subscription have resulted in a temporary suspension of their accounts. Upon clicking the links in the e-mail, they are redirected to phishing websites that ask for their banking credentials or credit and debit card details.
Commenting on the scam, Darren Guccione, CEO and Co-Founder of cybersecurity provider Keeper Security, said: “These emails look convincing, with recognisable logos and design elements, making it easy for users to click on malicious links and end up on fake websites.”
“These phishing sites typically use small but significant changes to the destination URL, such as replacing an ‘o’ with a ‘0’ – for example Amaz0n.com instead of Amazon.com – or using a different domain extension like ‘.net’ instead of ‘.com’.”
Photo credit: Singapore Police Force
Comments by: Darren Guccione, CEO and Co-Founder, Keeper Security
“Phishing scams often rely on visual tricks to fool people, using familiar branding and design to create a sense of legitimacy. A recent example of this is the surge in Netflix phishing emails in Singapore, which claim there are issues with your account and warn of a temporary suspension.
These emails look convincing, with recognisable logos and design elements, making it easy for users to click on malicious links and end up on fake websites.
These phishing sites typically use small but significant changes to the destination URL, such as replacing an “o” with a “0” – for example Amaz0n.com instead of Amazon.com – or using a different domain extension like “.net” instead of “.com.” The goal is to trick users into entering sensitive information like numbers or bank details, which can then be used to steal from victims. In the case of the Netflix scam, victims have already reported losing more than $40,000.
To protect yourself from these scams, it’s vital to always follow cybersecurity best practices and use tools that help identify fake websites. For example, password managers can check that the URL of a site matches the one where your login details are stored, preventing you from accidentally entering your credentials on a dangerous, fraudulent page.”
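The URL check described in the comments above, sketched as an added example (not code from the article or from Keeper Security): it compares a link's domain with the sites where logins are saved and reports whether it matches exactly, differs by a digit-for-letter swap, or differs only in the domain extension. The saved-site list, the swap table beyond '0' for 'o', and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed vault: sites where the user has saved logins (assumption).
SAVED_SITES = {"amazon.com", "netflix.com"}

# Digit-for-letter swaps; '0' for 'o' is the article's example, the rest are assumed.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(url):
    """Return the last two labels of the URL's host, lower-cased.

    Simplification: real tools consult the Public Suffix List so that
    hosts under multi-label suffixes such as .com.sg split correctly.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def check_link(url, saved=SAVED_SITES):
    """Classify a link against the saved sites.

    Returns (verdict, saved_site): verdict is 'match', 'char-swap',
    'tld-swap' or 'unknown'; saved_site is the entry the link resembles.
    """
    domain = registrable_domain(url)
    if domain in saved:
        return ("match", domain)
    name, _, tld = domain.partition(".")
    folded = name.translate(DIGIT_SWAPS)  # undo digit-for-letter swaps
    for site in sorted(saved):
        site_name, _, site_tld = site.partition(".")
        if folded != site_name:
            continue
        if name != site_name:
            return ("char-swap", site)  # e.g. amaz0n.com vs amazon.com
        if tld != site_tld:
            return ("tld-swap", site)   # e.g. .net instead of .com
    return ("unknown", None)


def should_autofill(url, saved=SAVED_SITES):
    """Password-manager rule: offer credentials only on an exact saved domain."""
    return check_link(url, saved)[0] == "match"
```

A link that comes back as `char-swap` or `tld-swap` resembles a saved site without being it, which is the case where a password manager declines to fill the login form.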