New Phishing Campaigns Target Netflix Users and AMEX Customers

• Two new well-crafted phishing campaigns are underway, targeting AMEX and Netflix users.
• The messages warn the recipients of a problem with their account or payment details.
• The form that the victims are urged to fill out asks them to voluntarily hand over everything.

According to the Windows Defender Security Intelligence Team, there are two new phishing campaigns out there right now, targeting Netflix users and AMEX (American Express) customers. Both campaigns are very well crafted and feature convincing fill-out forms, legitimate logos, and faithfully mimicked web pages. The campaigns were kickstarted in the weekend, and are currently on their peak, so users are advised to be extra careful with the messages they receive.

Two massive, still-active phishing campaigns targeting Netflix and AMEX emerged over the weekend, the Office 365 Threat Research team has discovered. Machine learning and detonation-based protections in Office 365 ATP protect customers both campaigns.

— Microsoft Threat Intelligence (@MsftSecIntel) March 19, 2019

Starting with the Netflix one, the recipient will see an email saying that their “account is on hold because of a problem with their last payment”. The message is accompanied by the Netflix logo, and it doesn’t contain any typos or grammar errors that are usually present in phishing campaigns. If convinced, the victim is directed to a “billing information” form that asks for their full card number details (even the PIN), as well as their personal identification details (even the social security number).

The setting on the American Express campaign is similar. Customers receive a “Notice Concerning their CardMember Account”, claiming that the receptor needs to go through a re-authentication process for security reasons, following a recent update on the financial service’s online platform. The message urges the recipients to download and fill out the attached form, which is of course, well-made, and fake. The form asks for all the identification and card information details that the actors could possibly need, going to the extent of asking for the victim’s first elementary school, their mother’s name and birth date, and the PIN of the card.

In general, the Windows Defender team warns that phishing attacks have gone up by 250% throughout the duration of the previous year, and they highlight the fact that 20% of the recipients of phishing messages click on the redirecting links within the first five minutes. This is indicative of a characteristic lack of calmness, and more than enough for phishing actors to keep up and even step up their game. To protect yourself from these attacks, stay calm, examine the sender’s address, evaluate the claims by actually testing your access to the platform (in this case, Netflix and AMEX), and cross-check the warnings about your account by logging in to the platform. When clicking on a link that directs you somewhere, examine the URL that you landed on. Finally, never download attachments from untrusted sources or emails that you didn’t expect.

Have you received a message from the campaigns described in this post? Share your experience with us in the comments section below, or on our socials, on Facebook and Twitter.