Super similar Netflix phishing site! Fake "Deduction Failed" official notification letter to steal payment information and login account password

Netflix-like phishing site

Recently, some people posted on Facebook, saying that they had received an official Netflix notification of "debit failure", and that they had just replaced the credit card because the card expired.

At first glance, this website does not seem to have any obvious flaws with the general Netflix official website. It is easy for people to fall into the trap and enter their own account and password to log in, but in fact, if you look closely, you will find that the URL turns out to be "hxxps[:]/ / netfltiw[ .]com/" instead of the official website netflix.com as we know it, and unless you happen to have no Netflix account, most people won't find that the "Sign Up Now" on the site isn't actually clickable at all

1. Fraud login account password

As shown above, the first screen many people see when they enter this phishing website is to log in. In case you really enter your email/phone and password here and press login, your account and password will be sent to the fraudulent group, except that they can log in to your Netflix with this, if You have other platforms or accounts that use the same account and password combination, which may be stolen at the same time

2. Defrauding personal funds

Then it began to show its tricks. All the pages after the login page suddenly turned into simplified characters . If you are not alert at this time, then when you enter these information such as name, phone number, address and birthday, let the fraud group grasp you. For more information, they can use this information to impersonate you on the Internet in the future, or make good use of this information to carry out the next wave of fraud attacks on you to improve their credibility

3. Stealing financial cards/credit cards

Finally, there is the part that scammers love most - payment information .

As long as you enter your name, card number, expiration date and security code, the fraudulent group can immediately steal your card, and you will immediately find that you are not only charged for the Netflix subscription fee, but even 50,000, 100,000..., and If you don't apply for card suspension and replacement immediately, the fraudulent group may still use your payment information to continue stealing in the next few days.

Fake Netflix's official mail

In this way, Netflix's fake website is usually not searched by the people themselves. Generally speaking, it will be entrained in fake official phishing letters or text messages , and people will be induced to click on the wrong official website by means of inducement.

And a few days ago, many people began to receive letters from Netflix with the subject line " Your membership has expired "

In the text it says that there was a problem processing billing information and that you need to update your account to restart your membership

Hello, we are having some problems processing your current billing information. We'll try again, but in the meantime, you may need to update your payment details.

When you click "Update Account Now", you'll be taken to Netflix's phishing site

How to Identify Netflix Phishing

1. Log in directly to Netflix

If your Netflix account is disabled, you will be asked to re-enable your membership when you log into Netflix, so if you get this letter and you go to https://www.netflix.com/ If you can log in to watch the video normally, it means that the letter is fake.

remember! Be sure to search for Netflix by yourself , don't go to Netflix through the link in the letter, although they make a very similar picture, it is not necessarily true

2. Sender's email address

Although the sender's name is written "NETFLIX"

But look carefully at the email address, as long as it's not from @netflix.com , don't easily believe that he is really from Netflix, the name can be named arbitrarily, but the email address can't be faked, so don't believe the name, take a look email address

3. Strange Chinese grammar

There are many strange Chinese grammars in this letter. For example, where we are used to saying "information", they use the Chinese term "information"; and they use the word "quote" even though they are paying for subscription; "Link" is a non-Taiwanese term such as "link"

What's even weirder is that the last letter ends:

enjoy! your friends on Netflix

It looks like Enjoy in English! Directly translated, the signature is also very strange

All the above signs show that this letter is full of loopholes, and even Chinese cannot express it properly.

4. Check Links with Fraud Experts

Although the links in the letter have been turned into hyperlinks and wrapped in text, so that you cannot directly see the URL

But you can still move the mouse over the hyperlink and stop for a few seconds, and the URL will automatically appear next to the arrow, or right-click on the hyperlink and "copy the link" to another place, you can see the URL clearly~ as long as Not netflix.com is not Netflix official website!

If you open the email with your mobile phone, just press and hold the hyperlink for two seconds, and the option to copy the URL will pop up.

If you can't directly identify whether it is the official website through the URL, then you can pass it to the anti-fraud expert , and we will check it for you! You only need to pass suspicious links, and in two seconds, you will know whether the website is safe or not.

What if you have already entered personal information?

• Change Netflix password
• Change your password on every website where you use the same group account password
• If you have already entered payment information, contact the financial institution immediately to stop the payment

Comprehensive Fraud Prevention Toolkit:

• Learn More Fraud Prevention Tips: Fraud Expert Blog
• Get to know Fraud Master: Fraud Master Official Website
• Identify fraudulent websites in one second: anti-fraud expert chatbot
• Discuss fraud with everyone: fraud prevention experts - National Anti-Fraud Notification Center
• Click here to see the original blog post