The new Netflix scam was started a few weeks ago and it comes in the form of an email with the subject header “Notice of Verification Failure” stating that there has been some billing issue and that the user needs to update the information. The email contains a link that redirects the user to a CAPTCHA page where the user has to verify by entering the alphanumeric sequence upon clicking the verify the page. The main Netflix page is a lookalike is hosted on the ‘axxisgeo[.]com’ domain, which belongs to an oil and gas company based out of Texas. This domain is also unrelated to Netflix and the attack. This is because the attackers are able to evade security controls based on URL/link protection and get past filters that block known bad domains. The page asks for login details and billing information which includes bank name and account number.
ALSO READ| Tech Giants Amazon, Apple, Facebook & Google Testify Before Antitrust Subcommittee In US | 5 Things To Know
In the first glance, the whole thing looks so convincing that users can fall for it. Netflix has specified in the security section that they don’t ask for any such details that.
“We will never ask for your personal information by texts or email. This includes:
- Credit or debit card numbers
- Bank account details
- Netflix passwords
- We will never request payment through a 3rd party vendor or website.
If you receive a text or email requesting any of the above, it is not from Netflix.”
Beware of such attacks and if you have clicked on such suspicious links, it best to change your password immediately. Aside from that, make sure you check the site you are on thoroughly, check for giveaways like like spelling errors you can even hover over links to look at the URLs. If all of this confuses you, then it is best to go to the sperate tab and log in separately and not through the email.