A “brandjacking” phishing campaign aimed at Netflix subscribers was identified by cyber security experts in recent weeks.
The campaign utilised multiple phishing techniques. Subscribers received emails requesting that login details and credit card data be updated via a portal. Once the details were entered the subscriber was shown a fake verified by VISA page and then redirected to the real Netflix login page. The Greek letter chi was used in place of the ‘x’ in Netflix in some emails to subscribers, but otherwise the branding and style of the emails and portal appeared authentic.
Phishing campaigns are becoming increasingly sophisticated. An open source report found cyber criminals are hacking into sites with a valid website security certificate and replacing the content with the site they are seeking to imitate.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.