Since many of us are still isolated at home, losing access to Netflix is almost as unpleasant as shutting down the Internet. Thus, any email from Netflix claiming that your payment details didn’t go through can get your attention and encourage you to act hastily. Below, we explain how the Netflix trap works and how to recognize a Netflix scam email.

How to Spot Netflix Scam Email?

At first glance, the fraudulent letter looks pretty convincing. It begins with the Netflix logo and the phrase “Something went wrong,” which may seem familiar to those whose streaming show is interrupted at the most critical moment of the show. However, a closer look reveals clear signs that email has nothing to do with Netflix.

Signs of The Netflix Email Scam:

• The sender’s email address has a different domain and is different from the original Netflix.
• A generic address is used instead of your name, which signifies that fraudsters sent this email bulk to thousands of accounts.
• The email contains elements of urgency designed to create panic so that users act quickly. For example, losing access to Netflix could be a threat if you don’t update your payment details immediately.

Sometimes scammers make a decent attempt to mimic genuine Netflix messages, and they almost succeed. But, as with most fraudulent emails, one or two details are usually missing that show it’s not a genuine email. So let’s go over everything you need to know about Netflix scam text 2022, shall we?

How the Netflix Scam Email Works

There are several common scenarios, but it’s worth mentioning a few red flags, to begin with, that suggest how it works.

1. Netflix Payment / Subscription Issues

The email says you need to update your account status by clicking on the attached Netflix phishing email link. The link will take you to a fake Netflix login page, asking you to log in and provide your credit card information. This way, scammers get the credentials and can use them to hijack your account. You can also hover over the link (without clicking) to see the actual destination URL. Still, it may be hidden behind a short link, that says nothing about its content. That is not a common practice in machine-generated notifications, so you should not follow that link either. In some cases, an attachment is pinned to an email. Opening or downloading it can install malware on your computer. This could potentially be ransomware that can lock your device and encrypt files.

2. Netflix Reward / Gift Online Survey

Sometimes the message promises you an exclusive reward, but you must take an online survey to get it. This is how scammers lure you into clicking on a built-in button that takes you to a fake Netflix survey page. It goes on to say that you can win a free one-year Netflix subscription or other “exclusive reward” by taking a simple online survey. Sounds tempting. However, there is, of course, no gift. The ultimate goal of scammers is to elicit your personal information! They will record everything you enter on these fake pages and use it to do their dirty deeds. Don’t fall for this – NEVER share your credit card or other personal information online unless you are 100% sure the website is legitimate!

What Happens if You Click on the Email Scam Link?

First, an important note – do not try to do this from a work computer that has access to your company network and data. Such security mistakes, which are easy to avoid, usually cost companies dearly. The link from the fraudulent Netflix email leads to a landing page that looks very similar to the real one. Next, you are asked to log in with your login and password.

If you’ve entered your genuine credentials, the scammer will have everything they need to log into your account and take advantage of your personal information. This may not be critical for Netflix, but given how many of us are used to reusing the same old passwords repeatedly, it won’t take long for a scammer to try to log into more sensitive accounts. To prevent this from happening, we highly recommend using a password manager.

To ensure you are on a phishing page, you can do a simple trick – enter a non-existent username and password. The original site will give you an error that the account does not exist. In this case, even after entering random credentials, the website prompts you to update your payment details. However, nothing will change – all you typed or will type in the fields on that fraudulent page will be simply transferred to hackers.

What to Do If I Receive a Fraudulent Netflix Email Scam?

Fraudulent emails are an integral part of online life. Although the quality of spam email filters continues to improve, even with services like Gmail, Outlook, and sometimes it’s hard to stay ahead of every threat. However, a few simple actions can keep you safe.

Delete or report

The easiest thing to do is delete obvious fraudulent emails. However, if you feel like a good digital citizen, you can report them first. For example, you can use an exclamation mark icon or flag spam emails. You can also forward the email to the appropriate services, such as phishing@netflix.com. Finally, notify your IT administrator if you encounter fraudulent emails on your work email account.

Do not click the suspicious links

Never click on any of the links in a potentially fraudulent email. Instead, if you want to verify your account information, open a new window or tab and go to the actual website regardless of the links in the email. Clicking the scam message will notify the crooks that your account is active – and you will be spammed even more. Moreover, some tricky techniques include token stealing. If you go by a specifically designed link while being logged into your account on the device, crooks will intercept the token and will be free to manage your account.

Avoid attachments

It’s important to say that users are getting hooked on Netflix by phishing email, as sad as it sounds. Attachments are a clever way to disguise malware and spread threats. If you see an unusual attachment in an email that you don’t expect, never open it. Those are usually MS Office files that contain macros. They only contain a Netflix text scam that asks you to activate macros execution, which is disabled by default. Macros, in its turn, connect to the command and control server, and download malicious payload to your PC. Due to the vulnerability of macros execution mechanism, it easily circumvents the security solution.

Don’t update your payment information

Never update your financial or payment information when asked to do it in an email. Most companies warn you against this. For example, Netflix says: “We will never ask for your personal information in Netflix scam text 2022 messages or emails. This includes bank account details, credit or debit card numbers or Netflix passwords“. Services rarely break their own rules, so only these rows are enough to spot a scam.

Don’t reuse the same passwords

If you use the same password to log in to multiple accounts, attackers only need to crack one of your accounts to access all the others. The effective way is to use a password manager. All you need to remember is one master password. Then the password manager will store and enter complex passwords for you. It’s a simple, inexpensive, and secure way to manage multiple logins.

The post Trending Netflix Scam Email You Should Know appeared first on Gridinsoft Blog.

Worse, the researchers found that the stolen information was available to anyone who found the FlyTrap C&C server.

Analysts believe the malware has been active since at least this spring.

Attackers use decoys distributed through Google Play and third-party Android app stores.

As a rule, such a decoy offers the user free coupons (for Netflix, Google AdWords, and so on) or offers to vote for their favorite football team and Euro 2020 player.

To do this, the victim allegedly needs to log into the application using Facebook credentials, and authentication occurs through the legitimate domain of the social network. Since the malicious apps use real Facebook SSO, they cannot directly collect user credentials. Instead, FlyTrap uses JavaScript injection to collect other sensitive data.

The information collected in this way is transmitted to the attackers’ command and control server. At the moment, more than 10,000 Android users in 144 countries of the world have become victims of this malicious campaign.

The exact data and numbers were extracted from the server of the criminals directly, as the researchers found that anyone could get access to it. According to experts, the FlyTrap C&C server had many vulnerabilities that made it easier to access stored information.

The researchers emphasize that phishing pages that steal credentials are not the only tool used by fraudsters. As the FlyTrap example shows, logging in through a legitimate domain can also be risky.

Let me remind you that I also talked about Alien malware that steals passwords from 226 Android apps.

The post FlyTrap Android malware compromised over 10,000 Facebook accounts appeared first on Gridinsoft Blog.

For detecting this method of attacks, the researcher has already received more than $130,000 from various companies through bug bounty programs. The fact is that, using this problem, the specialist was able to upload his own (harmless) code to the systems of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, Uber and other companies.

The essence of dependency confusion is simple: malware from open source repositories (including PyPI, npm and RubyGems) is automatically distributed further along the entire supply chain, penetrating into internal applications of companies without any user involvement. This is what distinguishes the attack from the usual typesquatting.

This simple idea of Birsan was pushed last year by his colleague, another information security expert Justin Gardner. He shared with Birsan the package.json manifest file from the npm package used internally by PayPal. It turned out that some of the packages from the manifest are not in the public npm repository, they are private packages created by PayPal engineers, and they are used and stored only within the company.

Looking at this, Birsan wondered if a package with the same name should exist in the public npm repository, and if so, which one would eventually take precedence?

To test his theory, the researcher started looking for the names of other private packages that can be found in manifest files in GitHub repositories or CDNs of well-known companies, which are not in the public repositories.

After discovering several such targets, Birsan began creating fake projects with the same names in npm, PyPI and RubyGems (although Birsan notes that other package managers, including JFrog and NuGet, are also vulnerable).

The expert created these fakes from under his account and accompanied them by an explanation that they were intended solely for security research and did not contain any useful code.

This experiment showed that if a dependency package used by an application exists in both a public open source repository and a private build, the public package eventually gets priority and will be used without any action from the developer. It also turns out that in the case of PyPI packages, the higher version takes precedence no matter where it is located.

Then, using the same tactics, Birsan launched successful attacks against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Uber and other big companies, simply by publishing packages with the same names as the packages used internally.

All of the investigator’s test packages contained preinstalled scripts that automatically run a script to retrieve identifying information from the “infected” machine, right after the package pool. Realizing that his scripts would establish connections from secure corporate networks, Birsan decided to bypass security mechanisms by using DNS to retrieve data.

An example of such a script can be seen in the illustration below: it informs the researcher that the IP address from which the request originates belongs to PayPal, and also reports the username and home directory of the affected system.

After collecting the data and making sure that he was right, the researcher began to report his findings to vulnerable companies, receiving rewards through bug bounty programs. For example, PayPal has already published an expert report on HackerOne and paid him $30,000; Yelp also confirmed Birsan’s findings and rewarded him with $15,000.

However, Microsoft is perhaps the most serious about dependency confusion. This issue was assigned an identifier CVE-2021-24105 (for Azure Artifactory), and the company not only paid the expert $40,000, but also published its own whitepaper detailing the problem and proposing solutions.

In particular, Microsoft engineers recommend minimizing risks by protecting private packages using controlled areas in public repositories, as well as using client-side verification (versioning, integrity checking).

Let me remind also you that the researcher discovered that Chrome Sync function can be used to steal data.

The post Researcher compromised 35 companies through new “dependency confusion” attack appeared first on Gridinsoft Blog.

Researchers say the total number of cyberattacks has declined since the onset of the coronavirus pandemic and subsequent economic downturn. However, the number of attacks related to COIVD-19 has significantly increased against this background – in fact, on this blog, news on this topic appears more and more often.

In the period from January to March 2020, researchers recorded a monthly decrease in hacker attacks on organizations by 17% around the world. However, since mid-February, there has been a significant increase in the number of attacks associated with coronavirus.

So, only in the last two weeks their number has risen sharply from several hundred to more than 5,000 per day. On average, more than 2,600 attacks are made daily.

The following resources are potentially malicious:

• Sites with the word “corona” or “covid” in the domain;
• files whose names include the word “corona” or related words;
• files distributed by e-mail mentioning the coronavirus in the subject line.

84% of all attacks were triggered by phishing sites from which fake emails were sent even allegedly from WHO. In approximately 2% of cases, the transition to a malicious website was carried out from a mobile device.

Over the past two weeks, more than 30,103 new domains related to the theme of coronavirus have been registered, of which 0.4% (131) were found to be malicious, 9% (2,777) were considered suspicious. Thus, since January 2020, a total of more than 51,000 coronavirus-related domains have been registered.

Also, the pandemic and the global transition to remote job led to an increase in the number of Netflix subscribers, which, in turn, aroused interest in the streaming platform by scammers. Over the past two weeks, there has been a twofold increase in phishing attacks by sites posing as Netflix’s original resources. On some of these sites, attackers install payment systems in order to fraudulently receive money and personal data of users.

Fake Netflix

“Obviously, a significant increase in the number of cyberattacks is associated with the active dissemination of news about coronavirus worldwide. Because a large number of people now are forced to work from home, attackers have shifted their focus of attention from large businesses to private users. As a result, we see an increase in malicious attacks on resources such as Zoom or Netflix,” — says Check Point Software reresentative. – In order not to become the next victim of cyber fraud, it is extremely important to exercise increased caution and attention. This is especially true for suspicious sites, links or files received by mailing.”

Check Point experts advise to adhere to the following recommendations for safe behavior on the Internet, so as not to become a victim of online fraud:

• Pay attention to spelling errors in site names and in mailing lists.
• Be careful with files received by e-mail from unknown senders, especially if you are asked to perform an atypical action when opening them.
• Make sure you order goods from an official store. One way to do this is not to click on the links with ads from emails, but to find the company you need on Google and follow the link on the page with the search results.
• Beware of “special offers.” For example, the offer of “an exclusive medicine for coronavirus” should be in doubt.
• Make sure that you use different passwords for each application and each account.

The post The number of “coronavirus” cyberattacks increased to 5,000 per day appeared first on Gridinsoft Blog.