Mailguard researchers described the email used in the scam as being relatively well designed and said the scammers are using a template system to generate individualized messages with specific recipient data, according to a Nov. 3 blog post.
While the body of the email is generic, the sender field is designed to show the victim's own name, personalizing the message so that it seems more convincing. The email's subject line reads “Your suspension notification” and the greeting is “Hi #name#.”
“We are unable to validate your billing information for the next billing cycle of your subscription therefore we'll suspend your membership if we don't not receive a response from you within 48hours,” the message said. “Obviously we'd love to have you back, simply click restart your membership to update your details and continue to enjoy all the best TV shows and movies without interruption.”
The message features a restart membership button along with phony links to contact the company and for a help center.
It's unclear how many people were affected by the scam. Votiro security researcher Amit Dori said users should think before they click and examine emails before responding.
“They should make sure to hover over each link to see where it leads to,” Dori said. “Also, be sure not to provide any personal information if you're not certain the site is legit. Be sure to check the domain and view the SSL certificate.”
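Dori's hover-and-check advice, as an added example that is not from the article or from Votiro: a short Python script that applies two of the lure's tells to a constructed message, the From display name matching the recipient's name and links that do not lead to the brand's domain. The sample message, addresses and the brand domain list are assumptions.

```python
import email
import re
from email.policy import default
from urllib.parse import urlparse

# Constructed sample modelled on the reported lure: the From display name
# repeats the recipient's own name, the subject matches the campaign, and the
# "restart membership" button points off-brand. Not a real capture.
SAMPLE_EMAIL = """\
From: "Jane Doe" <noreply@example-billing.test>
To: "Jane Doe" <jane.doe@example.test>
Subject: Your suspension notification
Content-Type: text/html

<p>Hi Jane Doe,</p>
<a href="http://netflix-billing-update.example.test/restart">Restart your membership</a>
<a href="https://help.netflix.com/">Help Center</a>
"""

BRAND_DOMAINS = ("netflix.com",)  # assumption: the brand's legitimate domains


def link_hosts(html):
    """Return the hostname behind every href in the body (the 'hover' check)."""
    return [urlparse(h).hostname or "" for h in re.findall(r'href="([^"]+)"', html)]


def off_brand(host):
    """True if host is neither the brand domain nor one of its subdomains."""
    return not any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def analyze(raw):
    """Return a list of findings for one raw RFC 822 message; empty means clean."""
    msg = email.message_from_string(raw, policy=default)
    sender = msg["From"].addresses[0]
    recipient = msg["To"].addresses[0]
    body = msg.get_body(preferencelist=("html",)).get_content()
    findings = []
    if sender.display_name and sender.display_name == recipient.display_name:
        findings.append("sender display name equals recipient name")
    if off_brand(sender.domain):
        findings.append(f"sender domain not brand: {sender.domain}")
    for host in link_hosts(body):
        if off_brand(host):
            findings.append(f"link leads off-brand: {host}")
    return findings
```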
Experts agree that users should remain vigilant, as these types of attacks will continue to succeed as long as people take their emails at face value. As a result, it is relatively easy for attackers to steal credentials by mimicking trusted brands.
“Information such as your Netflix login credentials, email address, credit card numbers, mailing address and other personal information have value in the black market,” Mimecast cybersecurity expert Matthew Gardiner told SC Media. “And when collected in the tens or hundreds of thousands, can represent significant revenue to the cybercriminals.”
Gardiner added that it is easy for cybercriminals to send out spam campaigns targeting widely used services such as Netflix, and that harvesting this information from even a relatively small percentage of the targeted people can yield large profits.