Headers:
body:
From: "Netflix"{membership.no-reply@netflix.ssl.com}
Subject: Your Netflix Membership has been suspended [#386729]
The link in the above message body is:
Validation failed
During a routine check of your account we have failed to validate the billing method we have on record for your account.
To continue using the Netflix service you will need to update/verify your billing information.
CONTINUE
Please note that failure to complete the validation process will result in the suspension of your netflix membership.
We thank you for your understanding.
Netflix Billing Support
Tweet
Like
Forward
Preferences | Unsubscribe
The link then redirects you to a fake phishing site:
http://net-auth1.net/
http://netflix.co.uk.membershipservices.cgi-bin.webobjects.mynetflix.woa.verify7.net-auth1.co.uk/f7c70cf252103e78ced2edb44714cb93/Login.php
The phishing site looks this this and asks you to login (which isn't a good idea):
Cheers,
Steve
Sanesecurity.com
2 comments:
Thank you for this information, I just received said email and decided it looked phishie...
Just got a similar message - very professionally done, except they claimed I signed up in France. I don't even have a Netflix account - period. I always check the message source via Thunderbird View menu, and this one came via a Japanese ISP, so that alone smells to high heaven.
Post a Comment