A new Netflix phishing attack leverages fake emails from the streaming service to trick users into handing over their credit card credentials.
The attack starts when a user receives an email from what appears to be Netflix warning them that they need to update their membership information.
You can see that the sender email address, [email protected][.]desk-mail[.]com, has nothing to do with Netflix. So it’s not surprising that clicking on the “Update” link leads somewhere other than the streaming service. In fact, it directs the user to hxxp://see-all[.]norafix[.]com/, a location which immediately redirects them to the subdomain hxxp://account[.]norafix[.]com/ch/customer_center/customer-IDPP00C274/js/?country.x=&locale.x=en_.
That page prompts the user to enter in their Netflix credentials followed by their payment card details.