Monday, 20 April 2015

Your Netflix Membership has been suspended phishing email.

Your Netflix Membership has been suspended phishing email.

Headers:
From: "Netflix"{membership.no-reply@netflix.ssl.com}
Subject: Your Netflix Membership has been suspended [#386729]
 body:
Validation failed

During a routine check of your account we have failed to validate the billing method we have on record for your account.

To continue using the Netflix service you will need to update/verify your billing information.
CONTINUE

Please note that failure to complete the validation process will result in the suspension of your netflix membership.

We thank you for your understanding.

Netflix Billing Support


Tweet

Like

Forward

Preferences  |  Unsubscribe

The link in the above message body is:
http://net-auth1.net/
The link then redirects you to a fake phishing site:
http://netflix.co.uk.membershipservices.cgi-bin.webobjects.mynetflix.woa.verify7.net-auth1.co.uk/f7c70cf252103e78ced2edb44714cb93/Login.php

The phishing site looks this this and asks you to login (which isn't a good idea):



Cheers,

Steve
Sanesecurity.com

2 comments:

Anonymous said...

Thank you for this information, I just received said email and decided it looked phishie...

Anonymous said...

Just got a similar message - very professionally done, except they claimed I signed up in France. I don't even have a Netflix account - period. I always check the message source via Thunderbird View menu, and this one came via a Japanese ISP, so that alone smells to high heaven.