Cybercriminals pose as all kinds of companies and services to try, even by chance, to end up being the most effective phishing. On this occasion, the Internet Security Office has released a recent case in which they impersonate Netflix for a case of SMS phishing (smishing).
The criminals abuse the good faith of the customer and, given the message that their payment for the subscription to the streaming platform has failed , they manage to keep the personal and bank details of the victims.
Be very careful with the fake Netflix SMS
Those affected by this case of smishing receive an SMS text message informing of an erroneous payment for your subscription , followed by a fraudulent link that pretends to be the Netflix payment gateway and in which the intention is really to obtain the credentials to access your account.
Some common elements in the majority of shipments of this impersonation campaign is the use of https links to give a greater sense of security, although this does not imply that they are really secure connections and domains with URLs similar to the brand, «for example, ‘netfspain’ or ‘neftxes’ ”. These messages are introduced by the word ‘NETFLIX:’ to give more credibility.
Impersonation messages use claims such as “confirm data”, “refused payments” or “update your information” , in addition to the fact that in some cases these actions are urged to be carried out within 24 hours. An element that should make us suspect their lack of official status could also be the fact that they contain misspellings or accent marks.
Recommendations to avoid falling for these scams
The Internet Security Office itself gives a series of guidelines and recommendations on how to proceed in cases like this or the impersonation of other brands and companies.
- Do not open messages from strangers or that you have not requested, delete them directly or block them if your device allows it and do not answer these SMS in any case.
- Use caution when clicking on links , even from known senders.
- Check the URL of the web page. If it does not contain a certificate or does not correspond to the official site when you intend to access, do not provide any type of personal information : username, password, bank details, etc.
- In case of doubt, consult directly with the entity involved, in this case Netflix, through its Help Center , or with trusted third parties, such as the State Security Forces and Bodies (FCSE) and the Security Office of the Internet user (OSI) of INCIBE.
Netflix itself also informs that “we will never ask you to provide us with personal information through a text message or email. This includes debit or credit card numbers, bank account details, or Netflix passwords.” If you come across a phishing email or smishing SMS, please forward the message to phishing@netflix.com so they can take appropriate action.