Every week we hear about a new phishing campaign that is more evolved and polished than before. Attackers have started to not only copy the user interface of the bait websites, but they also sometimes use legitimate certificates and acquire top-level domain names to trick users into falling for their phishing campaigns. However, the number of phishing tricks and scamming campaigns increases every year as we near the holiday season that brings with it a number of discounts, coupons, vouchers, and whatnot. Two recent campaigns that have attracted much user attention this week target Netflix and WhatsApp users.
How not to fall for Netflix phishing scam - just don't click on the emailed links
For Netflix, the phishing campaign is pretty straightforward - the attacker wants your financial information. This campaign is hitting Netflix users through emails that ask the victim to update their account information. Over 110 million subscribers have reportedly received this email. The email body is not only very convincing but also instills urgency by claiming that the subscriber's account has been suspended because of problems in billing information. [If you head over to your own account without clicking on the attached URL, you will see it up and running!]
The victim is then prompted to click on RESTART MEMBERSHIP button that takes them to a login page that looks very similar to a legitimate Netflix login screen but carries a different URL. If you do enter the login credentials here, criminals can get access to your account and potentially your bank account, as well.
In its statement, Netflix said that the company employs several security measures to detect fraudulent activity, however, users will have to be more cautious with these scamming emails.
"We take the security of our members' accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members' accounts secure. Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information."
Coming to WhatsApp and the onslaught of fake vouchers this holiday season
The second big phishing story doing rounds this week uses the messaging service to lure users with fake vouchers. While I received a message that offered an IKEA voucher sent from someone in my contacts, users have reported receiving these voucher messages from unknown numbers, as well. The vouchers claim to offer discounts on Marks & Spencer, Tesco and ASDA, among other retailers.
The text typically reads something like this:
Hello, ASDA is giving away £250 Free Voucher to celebrate 68th anniversary, go here to get it ... Enjoy and thanks me later !"
While users have recently spotted these messages using ASDA and Tesco, the scam initially started in October, hitting IKEA users in the Middle East and the United States.
The added link led to a screen that asked the victim to subscribe to receive the gift card by email. If you, however, manually add the above link in the browser, it will tell you that the voucher page doesn't even exist - the better way to see if a particular link is a fraud or not.
The more recent campaign that uses ASDA and Tesco, however, demands user's personal information for a promise of this voucher. The phishing site also install cookies on your phone to track your location and/or add extensions to show you unwanted ads.
Over the weekend, WhatsApp also made it to the headlines for having a clone on the Google Play Store that was downloaded over a million times. While it may be a little more difficult to spot a fake app on an official app store where you don't pay attention to the legitimacy of an app, link in emails and messages - even if from known contacts - should always be taken with suspicion.
They will either carry typos, use unofficial URLs and even if the URL appears to be legitimate in the email, it will take you a different address once you click on it. The best way to detect such a legit-looking URL is to type it in the address bar manually to see if the official domain even carries the page (in this case asda.com/mycoupon).
