There has been detected a phishing in the video platform Netflix, through a link that is being diffused through the messenger channel WhatsApp, under the demand of a free subscription and using the COVID-19 bait. However, this phenomenon could extend to other entertainment platforms or through other channels like the email. The objective is to redirect the victim to a site that emulates to be legitimate to steal their personal data or the bank data.
Affected resources
Any user that enters the link and give their personal data.
Solution:
If you received a message or an email with this properties and have accessed to the link and given your personal data or databank (card number, security code etc…), contact ASAP with your financial entity to inform about what happened.
Avoid being victim from phishing fraud following our recommendations:
- Do not open emails from unknown users or that you haven’t asked for, delete them directly. Do not reply to them at any cost.
- Be careful when you follow links from the messages and when you download attached files from the emails, although they are from people you know.
- If there is no certification, or if is not from the site that we access, do no not give any kind of personal information: username, password, databank, etc…
- When you have doubt, consult directly with the involved company or with trusty third parties, like the State security forces (FCSE) or calling to 017, your help in cyber security of INCIBE.
Details
This new phishing campaign, that impersonate the identity of Netflix, is being spread through the instant message app WhatsApp. Use as bait a supposed free subscription due the coronavirus threat, which make the user to access the link that follows the message:
It is not discarded the proliferation of similar campaigns using the image of other entertainment channels and spread through other way like emails. Once the user clicks the link, it is redirected to a little survey and once it’s over, they say to share the message between their contacts to enjoy the promotion.
After sharing the link, it will be notified that you have been the winner of a gift card to exchange in a supermarket or other service. To enjoy this promotion, personal data and databank will be asked:
This kind of fraud is known as phishing. To obtain more info about it, we recommend consulting the next content site: Phishing, graphic version and Phishing, the fashion that never gets old.