Massive Phishing Campaign in Brazil Targeting Netflix Users

Last updated July 8, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

With billions of people “staying home,” it is only natural for streaming platforms like Netflix to be on fire right now. Crooks know that very well, and they are ramping up their efforts to scam people who are holding on to their precious in-house entertainment. Bitdefender has been following the activity of phishing actors in Brazil, and their report shows that there’s a burst of spam mail distributed to tens of thousands of people in the country. In total, from March 18 until March 23, 2020, the actors sent 183,807 phishing messages to random individuals.

netflix_flux

Source: Bitdefender

Considering that there are approximately 128.5 million Brazilians who have access to the internet and that 11 million of them are active Netflix subscribers, the number of phishing messages is high enough to ensure that a significant portion will reach valid targets. Their content claims that users need to update their credit card information because Netflix detected “some inconsistencies” with their accounts. The layout uses the official logo and color theme so that it looks like it really came from the streaming giant. Even the “About” section on the footer of the email has been copied directly from Netflix.

netflix_phishing_message

Source: Bitdefender

The targeted subscriber is even threatened with a blocking action, so inside the email, there is a link to "help them resolve the issue." The links point to ‘hxxps://index1-atualizar-cadastro.joomla.com/index1’ and ‘hxxps://br-sec-series.joomla.com/acesso/br’, which are obviously not part of the official Netflix portal. Another email that also looks legitimate goes a bit further, claiming that the subscriber’s Netflix account has already been suspended. The recipient is urged to take action (click on the link) to re-activate their account, while the landing domain is ‘hxxps://br-sec-series.joomla.com/acesso/br’. On the above phishing pages, visitors are requested to enter their Netflix account credentials and then to “update” their credit card information. In the first case, the sender is ‘jasmin.becken@’, while in the second message, the sender is ‘samsammy@’.

netflix_second_mail

Source: Bitdefender

That said, the signs of fraud are evident, and any success that this campaign may have depends on a lack of composure on the recipient’s part. While the scam presented above is anything but new and has been happening all over the world in recent years, one golden rule remains the same: whenever you receive messages from any platform, you should visit the official website of that platform directly and then check if your account has any alerts that need your attention. Never click links contained in an email or SMS, and never believe anything that is claimed in the messages, no matter how genuine they may look. Finally, you should pick up and install a network security solution that can help you identify phishing attempts and even stop you when you try to visit fraudulent domains.
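The mismatch described above, a Netflix-branded message whose links lead to joomla.com subdomains, is something a mail filter can check mechanically. The sketch below is an added example, not code from Bitdefender or the original article; the allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the filter accepts as genuinely Netflix-owned.
OFFICIAL_DOMAINS = {"netflix.com"}
# Assumption: a message counts as "Netflix-branded" if it mentions the name.
BRAND_RE = re.compile(r"netflix", re.I)
# Matches live and analyst-defanged (hxxp/hxxps) URLs.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s'\"<>‘’]+", re.I)


def refang(url):
    """Turn defanged notation (hxxp, [.]) back into a parseable URL, in memory only."""
    return re.sub(r"^hxxp", "http", url, flags=re.I).replace("[.]", ".")


def is_official(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def suspicious_links(message_text):
    """Hosts linked from a Netflix-branded message that are not Netflix-owned."""
    if not BRAND_RE.search(message_text):
        return []  # not claiming to be Netflix, out of scope for this rule
    flagged = []
    for raw in URL_RE.findall(message_text):
        # urlsplit().hostname ignores any "user@" prefix, so a URL such as
        # https://netflix.com@other.example/ resolves to other.example.
        host = urlsplit(refang(raw.rstrip(".,;)"))).hostname or ""
        if host and not is_official(host) and host not in flagged:
            flagged.append(host)
    return flagged


# Constructed sample message; the two defanged links are the ones quoted above.
SAMPLE = """Netflix: we detected some inconsistencies with your account.
Update your card: hxxps://index1-atualizar-cadastro.joomla.com/index1
Reactivate: hxxps://br-sec-series.joomla.com/acesso/br
Help: https://help.netflix.com/
"""

if __name__ == "__main__":
    for host in suspicious_links(SAMPLE):
        print("link host is not a Netflix domain:", host)
```

The suffix comparison against `"." + domain` is what keeps lookalike hosts such as a `netflix.com.` prefix on an unrelated domain from passing the allowlist.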


