Over the past several years phishing scams have grown more prevalent as they continue to cleverly impersonate reputable companies as a means to gain trust and steal personal information.
One common method of phishing is done by using social engineering techniques through email to try and convince the victim the communication is legitimate. Usually phishing scams target victims for the purpose of illicit financial gain.
According to the Consumerist, a new phishing scam is making the rounds, and Netflix is the company being used as the bait. What the scammers are doing is sending out emails from this spoofed address, firstname.lastname@example.org, and the email includes a .zip file attachment.
The text of the emails (which can be read in full here) tells the Netflix member their form of payment was declined "for one of several reasons, such as insufficient funds or an expired credit card" and informs the individual they need to update their credit card on file information or add a new credit card to the account.
Instructions ask the individual to download the .zip file and open in a web browser. Anytime a .zip file is received it should always be viewed with suspicion since many .zip files come loaded with malware and can bypass anti-virus software.
Unfortunately these types of phishing scams are quite common nowadays. Big brands such as Amazon, eBay, PayPal and popular banks are often exploited and impersonated by phishermen.
Data breaches are problematic on many levels, however one of the damaging effects after a breach is the potential for phishermen to target victims of the breach. For instance, in the wake of this past spring's massive Epsilon data breach, scammers immediately jumped on the opportunity to further exploit victims by trying to lure them to a website to take 'preventative' action against their information being exposed. Classic social engineering, preying on the fear and vulnerability of the individuals affected by the breach.
Emails generally should be viewed with suspicion, and any time a company asks for personal information of any kind, it is best to go to your browser and type the URL in directly or pick up the phone and call the company yourself by obtaining the phone number off the official website. In order to avoid being scammed, it is a good idea to learn how to recognize the signs of phishing frauds that arrive in email.
However, email isn't the only way Netflix customers have been exploited this month, CNET reported on Oct. 12 an Android app was circulating that mimicked the real Netflix mobile app.
This fraudulent app is a Trojan designed to look very similar to the real deal, and its intention appeared to facilitate stealing customer account information for those individuals that installed the fake app, however experts are unsure just what the scammers planned to do with the limited information they could obtain.
At the time of report, CNET said, "it's unclear how they planned to make money off the scam. It might be a test run for a phony mobile banking app, which could yield access to much more sensitive information."
As smartphones becomes increasingly popular, mobile scams are likely to rise. A recent study predicted increased need for mobile security will emerge as society gravitates towards mobile.
While scammers, such as these latest Netflix scams, appear to be testing the waters beyond email, it is unlikely that email phishing scams are likely to disappear anytime soon.