A new email-based phishing campaign targeted at American Express (Amex) and Netflix users has been discovered.
The discovery was made by cybersecurity experts from Microsoft’s Windows Defender Security Team, who disclosed in a tweet that the two campaigns were well crafted and featured fill-in forms and legitimate logo designs that seemed almost identical to those on the companies’ authentic websites.
They noted that it was unclear if the malicious campaigns were organized by the same attacker, but stressed that both campaigns were launched last weekend.
The experts revealed that phishing attacks had increased not only in sophistication but also in frequency. They noted that phishing attacks experienced a 250% increase last year alone.
The Netflix email-phishing attack warns users that their accounts were placed on hold due to a problem surrounding their last payment.
The email features an original Netflix logo and a link that directs users to a Billing Information form asking for their credit card numbers and PIN, as well as personal details including Social Security numbers.
Similarly, the Amex email-based phishing scam sends users a notice concerning their CardMember Account, which, the email claims, needs to go through a reauthentication process for security reasons.
The email further advises users to download an attached form and fill out the details therein. According to the report, the form did not contain a virus but asked users to fill in sensitive information, including mother’s maiden name, credit card PIN, first elementary school and even birth dates.
The disturbing reality was that the emails targeted at the two companies’ subscribers were written in simple, grammatically correct language, an indication that the attackers took their time to properly edit their copy to make it all seem convincing.
The security experts have advised all computer users to be particularly vigilant in the coming days, as similar scams may begin to pop up.