A fake email using Netflix's name was identified as a phishing scam this week. Disclosed by the Federal Trade Commission (FTC), in the United States, the message perfectly simulates the visual identity of the streaming service and requests the update of payment data. Users in Brazil also received the message in Portuguese.
READ: Web scams have reached more than 48 million in Brazil
By clicking on the link that appears in the email, a ransomware or other program that restricts the victim's access to the system can be installed on the computer or cell phone to steal the victim's financial information. There is also the possibility that the person will be redirected to a fake page of the platform and, unknowingly, share with the scammers their personal data and Netflix login and password.
Scammers use fake Netflix email Photo: Carolina Ochsendorf / Tech
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
This type of phishing that involves the payment method can have a double gain for the cybercriminal, since he gets the password for the Netflix account (and resells it in the underground) and also gets the victim's credit card number, and can clone it. Like Netflix, Spotify, Deezer, among others, are among the online services where phishing attacks occur most, as these credentials can be resold in the underground, explained to TechTudo Fabio Assolini, senior security analyst at Kaspersky Lab.
The text of the e-mail circulating in the United States was written in British English, which shows how the network of criminals acting behind the broad scam. While the foreign version of the message has a generic introduction (hello dear, "hello, dear" in free translation), the text aimed at Brazilian users replaces the terms of reference to the alleged customer with the email address to which the message was sent.
TechTudo received the Portuguese version of the phishing message using the Netflix name Foto: Reproduo / TechTudo
According to Assolini, it is common to use the Netflix company name to apply phishing scams, which can occur in different ways, such as e-mail alerts for problems with the account or card, account re-registration, false promotions, among others. The FTC requests that fake emails from Netflix be forwarded to the company via the address firstname.lastname@example.org for the company to investigate the scam.
E-mail shared by the FTC that targets foreign users Photo: Reproduo / FTC
In phishing scams like this, cybercriminals create fake emails, messages or even websites by posing as known companies, with the aim of obtaining private information from the victims. In Brazil, a model that has been quite common is the false promotions shared by WhatsApp, which promise prizes if the victims access a link. Often, there is still an incentive for the person to share the message with contacts.
In order to avoid falling into this type of fraud, it is important to be attentive to grammar, since these texts are usually poorly written and present Portuguese errors. If the message is sent by e-mail, it is essential to check the address of the sender and if there are other ways of contact for the solution of problems that are not only by links.
It is also essential that the user does not download files and does not share personal information by clicking on the indicated links. In the case of scams by WhatsApp, the user must still be suspicious of promises that are too good to be true and of requests to share the content with other people.
WhatsApp: five tips for using the app safely
I clicked on phishing email, now what? Exchange tips on TechTudo's Forum.
What ransomware: five tips to protect yourself