Netflix Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Trending Netflix Scam Email You Should Know
https://gridinsoft.com/blogs/netflix-email-scam/
Wed, 15 May 2024 18:17:55 +0000

These days, Netflix phishing emails are gaining momentum because they target the human factor, which is the most vulnerable part of the security system. Scammers often masquerade as reputable, easily identifiable organizations. To understand the magnitude of the problem, it’s worth noting that Netflix customers are warned to beware of phishing emails purportedly sent by Netflix. These emails look so convincing that recipients don’t hesitate to click on the links, supposedly to update their Netflix account information, and fall victim to the scam, risking massive data and financial loss.

Since many of us are still isolated at home, losing access to Netflix is almost as unpleasant as shutting down the Internet. Thus, any email from Netflix claiming that your payment details didn’t go through can get your attention and encourage you to act hastily. Below, we explain how the Netflix trap works and how to recognize a Netflix scam email.

How to Spot a Netflix Scam Email?

At first glance, the fraudulent letter looks pretty convincing. It begins with the Netflix logo and the phrase “Something went wrong,” which may seem familiar to those whose streaming show has been interrupted at the most critical moment. However, a closer look reveals clear signs that the email has nothing to do with Netflix.

Signs of The Netflix Email Scam:

  • The sender’s email address uses a domain that differs from the genuine Netflix one.
  • A generic form of address is used instead of your name, which signifies that the fraudsters sent this email in bulk to thousands of accounts.
  • The email contains elements of urgency designed to create panic so that users act quickly. For example, it may threaten that you will lose access to Netflix if you don’t update your payment details immediately.
Example of a scam message

Sometimes scammers make a decent attempt to mimic genuine Netflix messages, and they almost succeed. But, as with most fraudulent emails, one or two details are usually off, which shows that it’s not a genuine email. So let’s go over everything you need to know about Netflix scam texts and emails in 2022.

How the Netflix Scam Email Works

There are several common scenarios. To begin with, here are a few red flags that show how the scam works.

1. Netflix Payment / Subscription Issues

The email says you need to update your account status by clicking on the link it contains. The link takes you to a fake Netflix login page that asks you to log in and provide your credit card information. This way, scammers get the credentials and can use them to hijack your account. You can hover over the link (without clicking) to see the actual destination URL. Still, the destination may be hidden behind a short link that says nothing about where it leads. Short links are not common practice in machine-generated notifications, so you should not follow such a link either. In some cases, a file is attached to the email. Opening or downloading it can install malware on your computer, potentially ransomware that can lock your device and encrypt your files.

2. Netflix Reward / Gift Online Survey

Sometimes the message promises you an exclusive reward, but you must take an online survey to get it. This is how scammers lure you into clicking on a built-in button that takes you to a fake Netflix survey page. It goes on to say that you can win a free one-year Netflix subscription or other “exclusive reward” by taking a simple online survey. Sounds tempting. However, there is, of course, no gift. The ultimate goal of scammers is to elicit your personal information! They will record everything you enter on these fake pages and use it to do their dirty deeds. Don’t fall for this – NEVER share your credit card or other personal information online unless you are 100% sure the website is legitimate!

Scammers offer to take an online survey

What Happens if You Click on the Email Scam Link?

First, an important note – do not try to do this from a work computer that has access to your company network and data. Such security mistakes, which are easy to avoid, usually cost companies dearly. The link from the fraudulent Netflix email leads to a landing page that looks very similar to the real one. Next, you are asked to log in with your login and password.

If you’ve entered your genuine credentials, the scammer will have everything they need to log into your account and take advantage of your personal information. This may not be critical for Netflix, but given how many of us are used to reusing the same old passwords repeatedly, it won’t take long for a scammer to try to log into more sensitive accounts. To prevent this from happening, we highly recommend using a password manager.

To confirm that you are on a phishing page, you can use a simple trick: enter a non-existent username and password. The original site will give you an error saying that the account does not exist. The fake site, even after you enter random credentials, prompts you to update your payment details. Nothing will change, however: everything you have typed or will type into the fields on that fraudulent page is simply passed to the hackers.

Whatever you entered earlier, you will eventually be asked for your card information

What to Do If I Receive a Fraudulent Netflix Email Scam?

Fraudulent emails are an integral part of online life. Although the quality of spam email filters continues to improve, even with services like Gmail and Outlook it’s sometimes hard to stay ahead of every threat. However, a few simple actions can keep you safe.

Delete or report

The easiest thing to do is delete obvious fraudulent emails. However, if you feel like a good digital citizen, you can report them first. For example, you can use an exclamation mark icon or flag spam emails. You can also forward the email to the appropriate services, such as phishing@netflix.com. Finally, notify your IT administrator if you encounter fraudulent emails on your work email account.

Do not click the suspicious links

Never click on any of the links in a potentially fraudulent email. Instead, if you want to verify your account information, open a new window or tab and go to the actual website, ignoring the links in the email. Clicking a link in the scam message notifies the crooks that your account is active, and you will be spammed even more. Moreover, some tricky techniques include token stealing. If you follow a specially crafted link while logged into your account on the device, crooks will intercept the token and will be free to manage your account.

Avoid attachments

Sad as it sounds, users keep getting hooked by Netflix phishing emails. Attachments are a clever way to disguise malware and spread threats. If you see an unusual attachment in an email that you don’t expect, never open it. Those are usually MS Office files that contain macros. They contain only a lure text that asks you to enable macro execution, which is disabled by default. The macros, in turn, connect to the command and control server and download a malicious payload to your PC. Due to the vulnerability of the macro execution mechanism, this easily circumvents the security solution.

Take your time to see what’s in this attachment

Don’t update your payment information

Never update your financial or payment information when asked to do it in an email. Most companies warn you against this. For example, Netflix says: “We will never ask for your personal information in Netflix scam text 2022 messages or emails. This includes bank account details, credit or debit card numbers or Netflix passwords”. Services rarely break their own rules, so these lines alone are enough to spot a scam.

Don’t reuse the same passwords

If you use the same password to log in to multiple accounts, attackers only need to crack one of your accounts to access all the others. An effective way to avoid this is to use a password manager. All you need to remember is one master password. Then the password manager will store and enter complex passwords for you. It’s a simple, inexpensive, and secure way to manage multiple logins.

FlyTrap Android malware compromised over 10,000 Facebook accounts
https://gridinsoft.com/blogs/flytrap-android-malware/
Wed, 11 Aug 2021 16:56:38 +0000

According to experts from Zimperium, Android malware FlyTrap hijacks Facebook accounts in 140 countries around the world by stealing session cookies.

Worse, the researchers found that the stolen information was available to anyone who found the FlyTrap C&C server.

Analysts believe the malware has been active since at least this spring.

“Forensic evidence of this active Android Trojan attack, which we have named FlyTrap, points to malicious parties out of Vietnam running this session hijacking campaign since March 2021,” Zimperium specialists write.

Attackers use decoys distributed through Google Play and third-party Android app stores.

As a rule, such a decoy offers the user free coupons (for Netflix, Google AdWords, and so on) or offers to vote for their favorite football team and Euro 2020 player.

To do this, the victim allegedly needs to log into the application using Facebook credentials, and authentication occurs through the legitimate domain of the social network. Since the malicious apps use real Facebook SSO, they cannot directly collect user credentials. Instead, FlyTrap uses JavaScript injection to collect other sensitive data.

“The application opens a real URL inside a WebView configured using JavaScript injection, which allows it to retrieve all the information it needs, including cookies, user account details, location information, and IP address,” the experts write.

The information collected in this way is transmitted to the attackers’ command and control server. At the moment, more than 10,000 Android users in 144 countries of the world have become victims of this malicious campaign.

The exact data and numbers were extracted from the server of the criminals directly, as the researchers found that anyone could get access to it. According to experts, the FlyTrap C&C server had many vulnerabilities that made it easier to access stored information.

The researchers emphasize that phishing pages that steal credentials are not the only tool used by fraudsters. As the FlyTrap example shows, logging in through a legitimate domain can also be risky.

Let me remind you that I also talked about Alien malware that steals passwords from 226 Android apps.

Researcher compromised 35 companies through new “dependency confusion” attack
https://gridinsoft.com/blogs/researcher-compromised-35-companies-through-new-dependency-confusion-attack/
Thu, 11 Feb 2021 16:07:40 +0000

Information security expert Alex Birsan spoke about a new attack called “dependency confusion”. The problem is a variation of the supply chain attack. Besides the name “dependency confusion”, the attack is also called a “substitution attack”.

For discovering this attack method, the researcher has already received more than $130,000 from various companies through bug bounty programs. The fact is that, using this problem, the specialist was able to upload his own (harmless) code to the systems of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, Uber and other companies.

The essence of dependency confusion is simple: malware from open source repositories (including PyPI, npm and RubyGems) is automatically distributed further along the entire supply chain, penetrating into companies’ internal applications without any user involvement. This is what distinguishes the attack from the usual typosquatting.

Birsan was prompted toward this simple idea last year by his colleague, another information security expert, Justin Gardner. He shared with Birsan the package.json manifest file from an npm package used internally by PayPal. It turned out that some of the packages from the manifest are not in the public npm repository: they are private packages created by PayPal engineers, and they are used and stored only within the company.

Looking at this, Birsan wondered what would happen if a package with the same name existed in the public npm repository: which one would eventually take precedence?

To test his theory, the researcher started looking for the names of other private packages that can be found in manifest files in GitHub repositories or CDNs of well-known companies, which are not in the public repositories.

After discovering several such targets, Birsan began creating fake projects with the same names in npm, PyPI and RubyGems (although Birsan notes that other package managers, including JFrog and NuGet, are also vulnerable).

The expert created these fakes under his own account and accompanied them with an explanation that they were intended solely for security research and did not contain any useful code.

This experiment showed that if a dependency package used by an application exists in both a public open source repository and a private build, the public package eventually gets priority and will be used without any action from the developer. It also turns out that in the case of PyPI packages, the higher version takes precedence no matter where it is located.

Then, using the same tactics, Birsan launched successful attacks against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Uber and other big companies, simply by publishing packages with the same names as the packages used internally.

“Such vulnerabilities and flaws in automated build or install tools can lead to public dependencies being mistaken for internal dependencies of the same name,” Birsan told Bleeping Computer.

All of the researcher’s test packages contained preinstall scripts that automatically run to retrieve identifying information from the “infected” machine as soon as the package is pulled. Realizing that his scripts would establish connections from secure corporate networks, Birsan decided to bypass security mechanisms by using DNS to retrieve data.

An example of such a script can be seen in the illustration below: it informs the researcher that the IP address from which the request originates belongs to PayPal, and also reports the username and home directory of the affected system.

new dependency confusion attack

After collecting the data and making sure that he was right, the researcher began to report his findings to vulnerable companies, receiving rewards through bug bounty programs. For example, PayPal has already published the expert’s report on HackerOne and paid him $30,000; Yelp also confirmed Birsan’s findings and rewarded him with $15,000.

However, Microsoft is perhaps the most serious about dependency confusion. This issue was assigned an identifier CVE-2021-24105 (for Azure Artifactory), and the company not only paid the expert $40,000, but also published its own whitepaper detailing the problem and proposing solutions.

In particular, Microsoft engineers recommend minimizing risks by protecting private packages using controlled areas in public repositories, as well as using client-side verification (versioning, integrity checking).
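
The client-side checks recommended above can be automated against an npm lockfile. The following is an added example, not code from the article, Birsan or Microsoft; the registry host npm.internal.example, the @acme scope and all package names and versions are assumptions constructed for illustration.

```javascript
// Added example: audit an npm lockfile for dependency-confusion exposure.
// The registry host, scope and package names below are hypothetical.
const POLICY = {
  privateRegistry: "https://npm.internal.example/",
  internalScopes: ["@acme"],           // scope reserved for private packages
  internalNames: ["acme-auth-utils"],  // legacy unscoped private package
};

// Constructed sample in the "packages" layout of package-lock.json (v2/v3).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "billing-service", version: "1.0.0" },
    "node_modules/@acme/logger": {
      version: "2.3.1",
      resolved: "https://npm.internal.example/@acme/logger/-/logger-2.3.1.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/acme-auth-utils": {
      version: "99.0.0", // a higher public version outranked the private one
      resolved: "https://registry.npmjs.org/acme-auth-utils/-/acme-auth-utils-99.0.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/@acme/payments": {
      version: "1.4.0",
      resolved: "https://npm.internal.example/@acme/payments/-/payments-1.4.0.tgz",
    },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> null.
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

function isInternal(name, policy) {
  return policy.internalNames.includes(name) ||
    policy.internalScopes.some((scope) => name.startsWith(scope + "/"));
}

// Compare origins, not string prefixes, so look-alike hosts do not pass.
function fromPrivateRegistry(resolved, policy) {
  try {
    return new URL(resolved).origin === new URL(policy.privateRegistry).origin;
  } catch (err) {
    return false; // missing or malformed "resolved" field
  }
}

function auditLock(lock, policy) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (!name || entry.link || !isInternal(name, policy)) continue;
    const add = (issue) => findings.push({ name, version: entry.version, issue });
    if (!fromPrivateRegistry(entry.resolved, policy)) add("resolved-outside-private-registry");
    if (!entry.integrity) add("missing-integrity");
    if (!name.startsWith("@")) add("unscoped-internal-name");
  }
  return findings;
}

console.log(JSON.stringify(auditLock(SAMPLE_LOCK, POLICY), null, 2));
```

Run in CI after dependency installation, a non-empty result is a reason to fail the build before any install script from the flagged package is trusted.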

Let me also remind you that the researcher discovered that Chrome Sync function can be used to steal data.

The number of “coronavirus” cyberattacks increased to 5,000 per day
https://gridinsoft.com/blogs/the-number-of-coronavirus-cyberattacks-increased-to-5000-per-day/
Fri, 03 Apr 2020 16:38:34 +0000

Check Point experts estimated that the number of “coronavirus” cyberattacks increased to 5,000 per day, and that the number of attacks by sites posing as Netflix services doubled.

Researchers say the total number of cyberattacks has declined since the onset of the coronavirus pandemic and subsequent economic downturn. However, the number of attacks related to COVID-19 has significantly increased against this background – in fact, on this blog, news on this topic appears more and more often.

In the period from January to March 2020, researchers recorded a monthly decrease in hacker attacks on organizations by 17% around the world. However, since mid-February, there has been a significant increase in the number of attacks associated with coronavirus.

In the last two weeks alone, their number has risen sharply from several hundred to more than 5,000 per day. On average, more than 2,600 attacks are made daily.

The following resources are potentially malicious:

  • sites with the word “corona” or “covid” in the domain;
  • files whose names include the word “corona” or related words;
  • files distributed by e-mail mentioning the coronavirus in the subject line.

84% of all attacks were triggered by phishing sites from which fake emails were sent, some even allegedly from WHO. In approximately 2% of cases, the transition to a malicious website was carried out from a mobile device.

Over the past two weeks, more than 30,103 new domains related to the theme of coronavirus have been registered, of which 0.4% (131) were found to be malicious, 9% (2,777) were considered suspicious. Thus, since January 2020, a total of more than 51,000 coronavirus-related domains have been registered.

Also, the pandemic and the global transition to remote work led to an increase in the number of Netflix subscribers, which, in turn, aroused scammers’ interest in the streaming platform. Over the past two weeks, there has been a twofold increase in phishing attacks by sites posing as Netflix’s original resources. On some of these sites, attackers install payment systems in order to fraudulently receive money and personal data of users.

“Obviously, a significant increase in the number of cyberattacks is associated with the active dissemination of news about coronavirus worldwide. Because a large number of people now are forced to work from home, attackers have shifted their focus of attention from large businesses to private users. As a result, we see an increase in malicious attacks on resources such as Zoom or Netflix,” says a Check Point Software representative. “In order not to become the next victim of cyber fraud, it is extremely important to exercise increased caution and attention. This is especially true for suspicious sites, links or files received by mailing.”

Check Point experts advise to adhere to the following recommendations for safe behavior on the Internet, so as not to become a victim of online fraud:

  • Pay attention to spelling errors in site names and in mailing lists.
  • Be careful with files received by e-mail from unknown senders, especially if you are asked to perform an atypical action when opening them.
  • Make sure you order goods from an official store. One way to do this is not to click on the links with ads from emails, but to find the company you need on Google and follow the link on the page with the search results.
  • Beware of “special offers.” For example, the offer of “an exclusive medicine for coronavirus” should be in doubt.
  • Make sure that you use different passwords for each application and each account.
