January 10, 2017
Security company FireEye detected a new wave of attacks aimed at Netflix users, with cybercriminals now turning to phishing schemes in order to steal their personal information, including credit card data, social security numbers, and other details.
Although it seems that the attacks have been suspended, Netflix users in the United States should always keep an eye on emails that arrive in their inbox, as hackers are using compromised legitimate servers to create phishing pages that look real.
FireEye says that, in most cases, the client-side HTML code was obfuscated with AES encryption to evade text-based detection, while the phishing pages were not displayed to users with certain IP addresses if the DNS resolved to companies such as Google.
“The phishing kit uses techniques to evade phishing filters. One technique is the use of AES encryption to encode the content presented at the client’s side. The purpose of using this technique is code obfuscation, which helps to evade text-based detection. By obfuscating the webpage, attackers try to deceive text-based classifiers and prevent them from inspecting webpage content,” FireEye explains.
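Because the obfuscation hides the page text from a classifier, the structure of the page becomes the signal. The sketch below is an added example, not code from FireEye or the phishing kit: it flags pages with almost no readable text that carry a long high-entropy blob together with a decrypt call and a DOM write. The thresholds, the `lib.decrypt` name and both sample pages are assumptions constructed for illustration.

```python
import base64, hashlib, math, re
from collections import Counter
from html.parser import HTMLParser

B64_RUN = re.compile(r"[A-Za-z0-9+/=]{200,}")   # long encoded blob
DECRYPT = re.compile(r"\bdecrypt\s*\(", re.I)    # any client-side decrypt call
DOM_SINK = re.compile(r"document\.write|\.innerHTML\s*=|\beval\s*\(")

class _Split(HTMLParser):  # collects visible text and inline script source separately
    def __init__(self):
        super().__init__()
        self.in_script, self.text, self.script = False, [], []
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        (self.script if self.in_script else self.text).append(data)

def entropy(s):  # Shannon entropy in bits per character (s must be non-empty)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def analyze(html):
    p = _Split()
    p.feed(html)
    p.close()
    script, visible = "".join(p.script), " ".join("".join(p.text).split())
    blob = max(B64_RUN.findall(script), key=len, default="")
    return {"visible_chars": len(visible), "blob_len": len(blob),
            "blob_entropy": entropy(blob) if blob else 0.0,
            "decrypt_call": bool(DECRYPT.search(script)),
            "dom_sink": bool(DOM_SINK.search(script))}

def looks_client_side_encrypted(html):
    """Flag pages that ship almost no readable text, only a blob decrypted at load."""
    r = analyze(html)
    return (r["blob_entropy"] > 5.0 and r["decrypt_call"] and r["dom_sink"]
            and r["visible_chars"] < 100)

# Constructed samples: the blob is hash output standing in for ciphertext.
BLOB = base64.b64encode(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(12))).decode()
OBFUSCATED = ('<html><body><script>var c="%s";'
              'document.write(lib.decrypt(c, k));</script></body></html>' % BLOB)
PLAIN = ('<html><body><h1>Update your payment method</h1><p>Sign in to continue.</p>'
         '<script>var t = Date.now();</script></body></html>')

if __name__ == "__main__":
    for name, page in (("obfuscated", OBFUSCATED), ("plain", PLAIN)):
        print(name, looks_client_side_encrypted(page), analyze(page))
```

A hit is a reason to render the page in a sandbox and classify the resulting DOM, not a verdict on its own, since legitimate sites also ship encoded data in scripts.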
“Do not open links landing in your inbox”
The email notification calls for users to update their Netflix membership, and after clicking, they are prompted to input billing information, names, social security numbers, and credit card data.
Once these details are provided by the unsuspecting user, they are automatically sent to the attacker with the PHP mail utility, according to the security company.