In the News
In FTC Warns of Netflix Phishing Scam Making Rounds, Lindsey O’Donnell at ThreatPost discusses a phishing email scam intended to steal the payment information of Netflix users. O’Donnell explains that this phishing attack prompts users to open an email which appears to be from Netflix regarding an issue with their payment for the subscription service and then requires the user to input their payment information. O’Donnell states that Netflix will never require users to perform such a request and will always ask for payment information through the platform itself, not through email.
Our Take
Phishing scams targeting subscription-based services capitalize on the trust that a user has in the company to which they subscribe. This trust prompts users to input personal and financial information into unverified links and attachments which results in their data being obtained by malicious attackers. As seen with the Netflix scam, phishing attacks use subject lines prompting quick action regarding an issue with one’s account. This urgent nature of an email should serve as a warning to all users. If you are not expecting a problem with an account, proceed with caution. Opening links in separate tabs or checking your account provider on their specific site are safe ways to prevent yourself from exposing your personal information.
Recommendations
How can you protect your data and finances from phishing attacks?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Use safe password practices, and take advantage of Multi-factor Authentication where possible
- Avoid clicking directly on links, whether in email or social media – always search through your search engine to verify legitimacy and find the appropriate site
- Refrain from opening suspicious attachments
- Pay particular attention to messages that threaten to cut off a service or promise unlikely rewards–these are intended to get you to act quickly without thinking
- Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected