Australian Netflix users are being urged to delete a scam email that leads to a “very clever” website that can dynamically change as you punch in your details.
The Australian Communications and Media Authority detected the scam this week. The email’s subject line is: “Netflix Membership On Hold”.
“These scammers are becoming increasingly sophisticated and the phishing websites very much replicate your experience when using the real website,” Bruce Matthews, manager of cybersecurity at the ACMA, said.
In the latest scam, subscribers are transported to a fake Netflix sign-in page that looks like the real one – even decked out with Daredevil movie imagery.
When a victim “signs in”, the fake website feeds the username and password to the real website and obtains their full name.
The victim hits the next page, which shows an “account verification” form. The first and last name fields are pre-populated, reassuring the user the website is genuine.
Once the user fills out the rest of the fields, such as home address, date of birth and mobile number, they’re prompted to share their credit card details.
This is when the fake website begins to dynamically change. It will identify your financial institution based on the credit card number, and then ask for additional authentication by, for example, using “MasterCard SecureCode” or “Verify with Visa” boxes.
“If a particular bank asks for additional security information, it will determine that based on your credit card details and the form will change,” said Mr Matthews. “It’s a very clever website.”
Cybersecurity experts now talk about “smart phishing”, where forms can change and even identify incorrect information, such as an invalid credit card number.
Scammers can use the information to steal identities and access financial accounts.
The code behind the fake website reveals that the con artists are targeting Australian users, although it can be easily modified for other jurisdictions.
“I think scammers follow the money trail and maybe assess how successful their campaigns are in various jurisdictions,” Mr Matthews said.
Users should also check the URL of the website; however, this was becoming trickier with many now checking emails and browsing the internet on a mobile phone.
The Netflix website says users can keep their account safe by using a unique password and regularly changing it, being aware of possible phishing attempts, reporting fraudulent or suspicious activities and signing out of security flaws.
There are an estimated 1.03 million Netflix subscribers in Australia, according to research firm Roy Morgan.