New Phishing Schemes Out to Hook Netflix and Amex Users

Technology > Security

Microsoft's antivirus team discovered some emails that can cause phishing to Netflix and American Express holders / Photo by: Clemson via Wikimedia Commons


Cybersecurity experts at Microsoft's Windows Defender Security Intelligence Team have discovered two new email-based phishing schemes that target American Express and Netflix users. 

The two campaigns are very well-crafted as they feature legitimate logos of the two companies and even fill-out forms that closely resemble those found on the firms' websites, TechNews World said.

It added that both of the schemes were launched earlier this month and each cast a wide net, although it remains uncertain if the same group is managing these scam. The Windows Defender Intelligence Team advised all computer users to be on the lookout and be extra careful in the coming days and weeks.

According to TechNews World, the email-based attacks both warned of issues on the users' accounts—a common tactic in phishing scams. It reported that Amex users received a "Notice Concerning Their CardMember Account," which states that they have to undertake a re-authentication process for security reasons.

The message advises customers to download and fill out an attached form, which itself does not have a virus but does ask for highly personal information like maiden name, birth dates, PIN for the card, and even first elementary school.

Meanwhile, the Netflix phishing attack warns customers that their "account is on hold because of a problem with their last payment," and as with the fabricated Amex messages, they also feature the actual Netflix logo. The message contains a link that direct receivers to a "Billing Information" form that asks for their full credit card numbers, including the PIN and other personal details like Social Security numbers.

The tech news site said the emails and forms seem convincing, including proper grammar and spelling, which shows that the criminals behind the scheme were meticulous in copying and editing the content to eliminate the usual dead giveaways of typos.

The only indication with the Amex email is that it shows capital letters following commas—something that consumers may not immediately notice as a grammatical error.