Beware bogus Netflix emails

By on
Beware bogus Netflix emails

The latest scam email campaign reported by MailGuard is designed to steal your credit card details.

A new Netflix email scam designed to steal credit card information has been detected by email security provider MailGuard.

“The scam message tells the recipient that Netflix ‘failed to validate’ their payment and that they need to log into their Netflix account to ‘verify’ their ‘billing and payment details’,” MailGuard reports.

The email creates a sense of urgency by warning the recipient that “failure to complete the validation process” will result in their Netflix account being cancelled.

Clicking the ‘verification’ link in the email takes the victim to a phishing website set up to look like a real Netflix login page, which prompts the user for their email address and Netflix password, and then sends them to a page that harvests their credit card details.

The fake Netflix log-in page. Picture courtesy of MailGuard.

“This scam has been very well executed with high quality graphical elements in the email message and phishing page, so it’s easy to imagine that it could potentially trick a lot of unsuspecting people,” MailGuard warns.

Protection tips

Fake emails that masquerade as trusted brands are now a very common trick used by scammers. They’re often quite realistic, so it’s advisable to take measures to protect your devices and your business:

  • Be vigilant when checking emails and look for signs of fakes. One potential clue is that the email doesn’t address you by name, but instead has a generic salutation such as “Dear Customer”.
  • Similarly, check who’s sending you the email. Scam emails and spam often come from odd email addresses, though be aware that legitimate email addresses can be forged. So avoid messages that fail this ‘sniff test’, but don't assume that you can trust all emails that pass it.
  • Only click links from trusted senders. You can check links by hovering your mouse over them, revealing the destination in your browser. Again it’s not perfect, because many organisations use email distribution services that replace the actual links for tracking purposes.
  • Always double-check that you're on the right website before entering your credentials for any online service.
  • Never open an attachment that is a .zip file or .exe file unless you are expecting it. We’d go even further, and suggest that all unexpected attachments be avoided, because there are ways of embedding malicious code into other types of file.
  • As always, security software can help protect your system against malware, though not necessarily against all email scams. For businesses, email security services such as MailGuard specialise in detecting spam and malicious email, and preventing them from reaching your inboxes.

MailGuard regularly reports malicious campaigns masquerading as trusted brands, such as the ATO, ASIC, Telstra, CPA Australia, EnergyAustralia, Xero, MYOB, Commonwealth Bank, Netflix, Amazon and many more.

Here are some previous reports from earlier this year.

Fake Origin Energy invoice notifications

27 March 2018: MailGuard has warned of a phishing campaign of fake emails purporting to be Origin Energy invoice notifications. The email contains a ‘view bill’ link button which, MailGuard suspected, linked to a file containing some type malware.

An example of the fake Origin email. Picture courtesy of MailGuard.

“This is a well-designed scam message,” MailGuard commented. “The criminals behind this attack have gone to the trouble of registering four new domains and using them as email sender domains to make their emails look more legitimate.”

Fake Xero invoice notifications

22 March 2018: MailGuard has warned of a phishing campaign of fake emails purporting to be invoices. The emails are designed to look like invoice notifications sent through the Xero accounting platform from one of a number of real businesses. The emails use fake ‘Xero’ domains in the sender addresses.

An example of a fake Xero email. Picture courtesy of MailGuard.

The emails contain a ‘view invoice’ button which, if clicked, downloads a hidden Javascript file containing malware.

Bogus MYOB invoice notifications

7 March 2018: MailGuard has warned of a phishing campaign of fake emails purporting to be invoices. The emails are designed to look like invoice notifications sent through the MYOB accounting platform from one of a range of businesses.

The emails contain a link which directs the victim to ‘view invoice’, but instead downloads a file containing hidden malware.

Scam emails aim to steal Apple IDs

19 March 2018: MailGuard has warned of a scam campaign of fake Apple notification emails that aims to steal victims’ Apple IDs and passwords.

The bogus email claims the recipient’s Apple account has been locked for security reasons, and clicking on ‘unlock Apple ID’ takes them to a phishing page designed to look like an Apple ID sign-in portal. The aim is to harvest victims’ login credentials as they sign into the fake portal.

The fake Apple log-in page. Picture courtesy of MailGuard.

“This attack has the potential to affect a lot of people and could result in financial losses and significant harm to computer systems,” MailGuard commented.

Fake QuickBooks invoice notifications

22 March 2018: MailGuard has warned of a phishing campaign of fake emails purporting to be invoices. The emails are designed to look like invoice notifications sent through the QuickBooks accounting platform from one of a range of businesses.

The emails contain a ‘view invoice’ button which, if clicked, is likely to download a file containing malware.

An example of a fake QuickBooks email. Picture courtesy of MailGuard.

“This email scam is quite well designed and is exploiting Quickbooks branding to convince victims that it an authentic notification email,” MailGuard commented.

Telco brands exploited in scam emails

8 March 2018: MailGuard has warned of a malicious campaign of fake emails that exploit Vodafone, Telstra and Bigpond brands. The emails appear to be delivering a ‘wire transfer receipt’ as a .pdf attachment, but the file contains malicious code that is activated if the file is opened.

The emails are sent from a number of email addresses with the Vodafone, Telstra and Bigpond domains.

Fake Dropbox notifications

2 March 2018: MailGuard has warned of a scam campaign of fake Dropbox notification emails that aims to steal your Dropbox credentials.

The sample email isn't very convincing: the sender's address is highly suspicious (Dr()p-B()x!!), the recipient isn't addressed by name, there are a number of typos in the body of the message, and the overall style doesn't match the format used by Dropbox.

An example of the fake Dropbox email. Picture courtesy of MailGuard.

Nevertheless, the email uses the Dropbox brand and could catch out inexperienced users or those not paying close attention, and the consequences of making a mistake are serious. Phishing emails like this link to a bogus login page that’s are set up to look like the real website, but will actually harvest your login details.

If a message like this arrives in your inbox, don't let curiosity get the better of you.

Scam emails link to bogus Office 365 portal

26 February 2018: MailGuard has warned of a scam campaign of fake Xerox document sharing notification emails that aims to steal your Office 365 credentials.

The fake Office 365 log-in page. Picture courtesy of MailGuard.

Clicking on the email’s ‘view document’ link takes the victim to a phishing page designed to look like an Office 365 sign-in portal. The aim is to harvest victims’ login credentials as they sign into the fake portal.

Bogus eBay invoices

28 February 2018: MailGuard has warned of a phishing campaign of fake emails purporting to link to an eBay invoice. The emails contain a ‘view invoice’ link button which links to an archived file containing JavaScript malware.

Fake Microsoft Dynamics invoices

16 February 2018: Email security provider MailGuard has warned of a phishing campaign of fake emails purporting to link to a Microsoft Dynamics invoice.

The scam is designed to steal victims’ Microsoft login credentials – which could potentially give the perpetrators access to any Microsoft service connected to the account, possibly including Outlook emails, Office 365 documents and OneDrive files.

Thankfully, the fake email is “not very well designed”, according to MailGuard, and the sender’s email address uses the mylocustpoint.org domain, which has nothing to do with Microsoft.

The fake sign-in page (image from MailGuard)

That said, the email uses the Microsoft Dynamics brand and could catch out inexperienced users or those not paying close attention. And clicking the link in the email takes the user to a fake login page that looks like a Microsoft sign-in page.

Bogus Westpac and MYOB emails

12 February 2018: MailGuard has warned of two new email scam campaigns, with one purporting to be from Westpac and the other masquerading as an MYOB invoice.

The aim of the fake invoice is to trick users into downloading and executing JavaScript malware, while the bogus Westpac emails are designed to steal customers’ online banking login details and personal information.

The fake MYOB email is well written and formatted, and appears to come from a genuine email account from a company called Craftedeals. It’s not clear whether the sending email account has just merely been spoofed (something that's trivially easy to do), or if that account has been compromised.

One of the fake Westpac emails (image from Mailguard)

As we’ve pointed out previously (see below), scam emails often come from odd email addresses, and that’s the case with fake Westpac emails from the westpac.co.kr domain and the associated phishing site using westpac.com.

According to the real Westpac site, “Westpac will never ask you to update, verify or correct any Online Banking details directly into an email reply.”

Fake Suncorp 'wire transfer notification'

29 January 2018: MailGuard has warned of a scam campaign with fake emails purporting to be a Suncorp Bank wire transfer notification.

The hoax email features the Suncorp Bank logo, but clicking on the ‘Wire transfer details’ link triggers a download of a .zip file containing malicious JavaScript code, according to MailGuard.

An example of the fake email (image courtesy of Mailguard)

There are tell-tale signs that this email is a scam, with poorly written text and the sender’s email address unrelated to Suncorp. However, other email scams are often more realistic, so you (and your staff) need to be prepared.

Fake MYOB ‘invoices’

24 January 2018: MailGuard has warned of a scam campaign with fake emails purporting to be an MYOB invoice notification.

This hoax email is quite well written and formatted, featuring the MYOB logo and a “View invoice” button. But clicking on that button triggers a nasty surprise: it downloads a .zip file containing JavaScript malware, according to MailGuard.

One of the fake emails (image courtesy of Mailguard)

The campaign closely follows a similar email campaign ‘brand-jacking’ Telstra.

Fake ATO emails

18 January 2018: A campaign of fake emails is purporting to come from the “Revenue Collection Agency” and feature the Australian Taxation Office brand and the Commonwealth Coat of Arms, according to MailGuard.

The fake emails ask recipients to complete a linked “tax form”, but the file is actually a .zip archive containing an unspecified variety of JavaScript malware.

As MailGuard pointed out, the ATO has told taxpayers that it won't (among other things) “send downloadable files or tell you to install software”. It’s not the first campaign of fake ATO emails either.

One of the fake emails (image courtesy of Mailguard)

These are just some of the many scam warnings from MailGuard that we have covered.

Copyright © datagraph (Business IT). All rights reserved.
Tags:

Most Read Articles

You must be a registered member of Business IT to post a comment.
|