silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
A recent wave of phishing attacks aiming to steal payment card info and credentials for Netflix streaming service starts with redirecting to a functioning CAPTCHA page to bypass email security controls.
The actor behind these attempts used a "failed payment" theme to engage potential victims into the redirect chain leading to the phishing page.
The fraudulent emails were sent at the beginning of the month and purported to be a notification from the Netflix support service about issues with verifying the billing address and payment details.
Looking at the sender's address (netfiix@csupport .co), it is clear that the attacker made an effort to make it look legitimate by trying to impersonate Netflix's customer support.
Researchers at Armorblox, a company fighting targeted email attacks, analyzed the redirection chain. It all starts with a link in the message that takes to the phishing page.