silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,168
Two ongoing phishing campaigns are actively targeting Netflix and American Express (AMEX) customers to steal credit card and social security information as discovered by the Office 365 Threat Research team during the weekend.
As detailed by the Windows Defender Security Intelligence team on Twitter, "Two massive, still-active phishing campaigns targeting Netflix and AMEX emerged over the weekend, the Office 365 Threat Research team has discovered. Machine learning and detonation-based protections in Office 365 ATP protect customers both campaigns."
The phishing campaign targeting Naetflix clients redirects its victims to a realistic looking downloadable form designed to collect and exfiltrate credit card information (card number, expiration date, bank name, PIN, and security code) and billing information (name, e-mail, SSN, address, phone, and date of birth).
The Netflix phishing campaign uses a "Your account is on hold" subject line meant to create a sense of urgency in an effort to increase the chances that the victim will be more prone to make errors and be a lot less careful when feeding sensitive information into the data theft form.
Netflix phishing campaign