From: NETFLIX <firstname.lastname@example.org>
Sent: Sunday, July 7, 2019 9:32 PM
Subject: Re: Your Netflix Membership is on hold [#26887]
We recently failed to validate your payment information we hold on record for your account,
therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details.
Failure to complete the validation process will result in a suspension of your netflix membership.
We take every step needed to automatically validate our users, unfortunately in this case we were unable to verify your details.
This process will take a couple of minutes
and will allow us to maintain our high standard of account security.
Netflix Support Team
This message was mailed automatically by Netflix during routine security checks. We are not completely satisfied with your account information and required you to update your account to continue using our services uniterrupted.
There is a spelling mistake in the email, where it reads "uniterrupted" instead of "uninterrupted" (in bold above).
The site itself is pretty convincing, but the URL is obviously false:
No matter what you enter, you are taken through to:
Where we obviously entered completely non-offensive data to make clear our thoughts of their behaviour.
You are then asked for card info:
Whereupon we are told this is successful:
Now this is a site with a valid certificate:
And so the owners really should be traceable.
If we look at the details of the certificate, we can see that this is not really the case. The whole industry of hiding website owners really does slow down catching these thieves, as they put netflix as a hostname in their certificate:
Even the certificates are from letsencrypt.org, who provide free certificates, but for whom, other than criminals, is unclear.
We have sent the following to Tucows:
We are seeing the domain member-activation.com used and re-used for various scams as they just add another hostname for whichever service they are trying to defraud customers of. The domain owner and phishers must be connected as the phishers are able to add hostnames and validate certificates for the domain at letsencrypt.org.
Please can you take action to suspend and disable their domain account.
Let's see what happens...
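The pattern reported above, a brand name added as a hostname under an unrelated domain, can be checked mechanically against hostnames taken from certificate SAN lists or links in reported mail. This is an added example, not part of the original post; the brand table, the hypothetical `examplebank` entry and the sample hostnames are constructed, and the two-label domain split is a simplification of the Public Suffix List.

```python
# Added example: flag hostnames that name a brand in a label while sitting
# under a registrable domain the brand does not own.

# Assumption: illustrative brand table; "examplebank" is hypothetical.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
    "examplebank": {"examplebank.example"},
}

def registrable_domain(hostname):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def brand_mismatches(hostname):
    """Return brands named in the hostname whose official domains exclude its base domain."""
    host = hostname.lower().rstrip(".")
    base = registrable_domain(host)
    hits = []
    for brand, official in BRAND_DOMAINS.items():
        # Substring match per label also catches forms like "netflix-billing".
        named = any(brand in label for label in host.split("."))
        if named and base not in official:
            hits.append(brand)
    return sorted(hits)

def group_by_domain(hostnames):
    """Group flagged hostnames by base domain to expose one domain reused across brands."""
    reuse = {}
    for host in hostnames:
        for brand in brand_mismatches(host):
            reuse.setdefault(registrable_domain(host), set()).add(brand)
    return reuse

# Constructed sample input (not observed data).
SAMPLE = [
    "netflix.member-activation.com",      # constructed from the pattern in the post
    "examplebank.member-activation.com",  # constructed: second brand, same domain
    "www.netflix.com",
    "login.examplebank.example",
    "example.org",
]

if __name__ == "__main__":
    for domain, brands in group_by_domain(SAMPLE).items():
        print(f"{domain}: names {sorted(brands)} without being their domain")
```

A base domain that shows up with more than one brand is the strongest signal to include in a registrar abuse report.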