Cybercrime doesn’t stop just because it’s getting closer to the silly season – in fact this is when cybercriminals ramp up their activity, so you need be extra careful.
Below are some of the recent scams noted by MailGuard, one is a fake email pretending to be from Netflix and another is a phishing scam from PayPal.
Netflix Email Scam
Cybercriminals have once again mimicked Netflix in a new email scam. According to MailGuard, the email is titled “reminder: update your payment details”, the email uses a display name of “Technical Support”.
It is trying to come off as a notification from the “Netflix Team”, complete with the company’s logo & branding. However, the domain used in the email address provided in the “From:” field doesn’t belong to Netflix – a red flag pointing to its illegitimacy. The email actually originates from a compromised Amazon SES account.
It informs users of “some trouble” with their “current billing information”, asking them to update their payment details. A button is provided for them to do so.
MailGuard discovers when you click on the button to “update account now” leads users to a phishing page on a compromised WordPress site. The phishing page had been taken down at the time of writing this blog. However, it is likely that the phishing page was designed to harvest users’ Netflix account information (including passwords), and potentially their credit card information as well.
Last week, Australian consumer watchdog Scamwatch published “fresh warnings of Netflix phishing scams” via a tweet advising users to be careful of emails asking you to click on a link to update your account.
PayPal Email Scam
PayPal is a usual victim of cybercrimes and once again been embroiled in a phishing email scam designed to harvest confidential data of users.
The email is titled “Reminder: Take action on your PayPal account” and employs the company’s logo in its body. The sender email address in the “From:” field, however it doesn’t use a domain belonging to PayPal – showing it is a spam email.
The email looks similar to this below:
After clicking on the link in the email, it leads the unsuspecting victim to a fake PayPal login like below:
MailGuard notes once users “log in” to their PayPal account, the scam leads them to several different phishing pages that ask for various personal details, including:
- Credit card details
- Address details
- Various banking details and identifiers
- Email credentials, and
- Pictures of various documents used to verify identity, including Passport, National ID and Driver’s license
The email does look fairly legitimate and raises the user’s awareness by mentioning unusual activity, which scares the user into taking action. The subsequent pages which it takes the user through also look legitimate with high quality branding.
However, this email does give off a number of tell-tale signs that it is fake, such as spelling mistakes and not addressing the user personally.
Take Home Message
Email scams or phishing come in various forms either telling someone they’ve won money; their account has been hacked or prompting a change in password.
If you’ve received an email from a sender that doesn’t seem familiar or a contact has sent you an email with information that doesn’t seem quite right, please flag it with us and we will review it for you.
Every month we will be sharing the latest in email scams courtesy of MailGuard.
To get a more comprehensive understanding of how to spot scam, please refer to one of our previous blogs:
Using mail protection software is a great way to control email, and reduce the chance of receiving such scam.
If you are interested in using MailGuard to add an extra layer of security to your email, reach out to us today at [email protected] or call us on 1300 770 035.
Comments are closed.