Your Netflix Membership has issues [#2293844] - Spam Warning
A Netflix Phishing Scam has been doing the rounds, originating from Netflix <[email protected]> in this case, which is not actually a Netflix domain.
From: Netflix <[email protected]>
Sent: Sunday, May 24, 2020 8:53 PM
Subject: Your Netflix Membership has issues [#2293844]
| |
|
|
|
|
Dear Customer,
|
|
We recently failed to validate your payment information we hold on record for your account, therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details.
Click here to verify your account
Failure to complete the validation process will result in a suspension of your netflix membership.
We take every step needed to automatically validate our users, unfortunately in this case we were unable to verify your details. The process will allow us to maintain our high standard of account security.
|
|
Netflix Support Team
|
|
| |
|
This message was mailed automatically by Netflix during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted.
|
|
So these new email scams are somewhat annoying in that we cannot access them without the string that indicates our email address being passed to the spammers. If we simply try and access the route of the site:
We simply see:
But since our email address is just a spam catching email anyway, we don't actually care. The important thing is that it allows us to post what happens if you link to a phishing site and your browser doesn't warn you.
So the opening screen is fairly convincing:
But the system doesn't check that you are just typing in offensive messages to be discovered by the webmasters later, so let's continue...
So they just assume your id was correct first time around..
Well hopefully most people would notice that their email and password were not provided by their browser, and so something is badly wrong. On we go...
And then it just takes us to the proper Netflix login screen, without any thank-you message, so we would've known instantly we'd been had in time to cancel everything. What was the point of all that? Decent programming at the hands of stupid thugs probably. Still at least they will have fun using Vladimir Lenin's card number...
How the domain people let a domain like
secureserver-userid0.com be registered is somewhat confusing. They need to have some sort of validation in the system.