A PHISHING AWARENESS OUTFIT has discovered a phishing attack that targets both the business and personal accounts of Netflix users.
PhishMe, the angling outfit, reports that the phishing attack looks like a Netflix account renewal email and smells like a Netflix account renewal email. It adds that the option to update bags the phishing bad guys debit or credit card details as well as the usual personal information.
The card swipe is a big one and unlike regular payment taking forms it wants your mother's maiden name. This may be a red flag for some, but with people we cannot be sure.
"Everyone has accounts for these consumer services. Attackers are not always discriminant in who receives their phishing messages. If the threat actor can find examples of password reuse, phishing a consumer service like Netflix might lead to illicit access to an enterprise email account and associated services," it said.
"A most-recent example shows a message that again spoofs Netflix but also collects credit card details." The third stage will get you through to Netflix but by then you don't deserve to chill.
It looks like it is the business user that is most likely to fall for this, because they don't want to be sitting around doing leisure type stuff when they are on the clock. People at home may take more time over this kind of stuff, which would do them a favour under these circumstances.
"Typically, people at work try to handle a minor personal inconvenience as quickly as possible. So, the Netflix phish works to trick those busy people into giving up login information. The victim is already rushed; they may not have the time to keep track of dozens of passwords" added PhishMe.
"So now the attacker hopes that you reuse the same password for your personal email account or, if the attacker is very lucky, for your work email account. In either case, they can now reset passwords for various other online services—banking, healthcare, social media—to pivot and carry their attack forward."
PhishMe said that firms could make it harder for phishing bastards by enforcing two-factor authentication at the desk level. µ
Soon people may also be assessed by their flaws
More chat, less cloud
But firm falls short of promising a fix
Firm finds a way to bypass flawed technology