Cybercriminals are launching a widespread phishing campaign aimed at stealing Netflix credentials and credit card information, security firm Bitdefender has warned. The ongoing scam, which began in September, has affected users in 23 countries, including Germany, Spain, the United States, France, Greece, and Australia. The fraudsters use SMS messages to trick unsuspecting victims into providing personal and financial details.
The malicious SMS messages often warn recipients of payment issues with their Netflix accounts. One example of the message reads: “NETFLIX: There was an issue processing your payment. To keep your services active, please sign in and confirm your details at [link].” While these messages may vary in language and presentation depending on the region, their goal remains the same: to steal sensitive information.
Netflix never contacts customers via SMS and never sends links requesting users to authenticate their details. These fraudulent messages often contain links that lead to phishing websites designed to look like Netflix’s official site, where users are asked to input their login credentials and payment information.
The attack is particularly effective because Netflix does not offer two-factor authentication (2FA), relying solely on usernames and passwords. This makes stolen credentials highly valuable, often ending up on the dark web where they are sold in bulk to other cybercriminals.
Bitdefender explains that cybercriminals use two main tactics to lure victims: offering rewards to entice people to click on links (“the carrot”), or creating a false sense of urgency by threatening service disruptions (“the stick”).
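The lure pattern described above (a brand name, a link, and either "carrot" or "stick" wording) is simple enough to screen for automatically. The following Python script is an added illustration written for this article; it is not Bitdefender's or Netflix's code. It assumes a single legitimate brand domain (`LEGIT_DOMAINS`, a placeholder list to be replaced with the brand's published domains) and runs over constructed sample messages whose links point at reserved `.test` placeholder hosts rather than real sites. It applies the article's own rules: Netflix does not send authentication links by SMS, so a branded message with any link is flagged, and the wording is classified as a "stick" (service-disruption) or "carrot" (reward) lure.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption for this example: the brand's only legitimate registrable domain.
# Replace with the brand's published domain list before real use.
LEGIT_DOMAINS = {"netflix.com"}

# Lure vocabulary following the "stick" / "carrot" split described in the article.
STICK_TERMS = (
    "issue processing your payment", "keep your services active",
    "confirm your details", "update your payment", "suspended", "account will be",
)
CARROT_TERMS = ("free", "reward", "gift", "you have won", "prize", "claim")

# Matches http(s):// links and bare www. links as they typically appear in SMS text.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)


@dataclass
class Verdict:
    suspicious: bool
    lure: str                      # "stick", "carrot" or "none"
    reasons: list = field(default_factory=list)


def registrable_domain(host: str) -> str:
    # Crude eTLD+1 (last two labels). Sufficient for this illustration;
    # production code should consult the Public Suffix List.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_sms(text: str) -> Verdict:
    lowered = text.lower()
    reasons = []

    # 1. Lure wording: threat of disruption (stick) or promised reward (carrot).
    lure = "none"
    if any(t in lowered for t in STICK_TERMS):
        lure = "stick"
    elif any(t in lowered for t in CARROT_TERMS):
        lure = "carrot"

    # 2. Links: extract every URL and compare its domain with the brand's own.
    brand = "netflix" in lowered
    urls = URL_RE.findall(text)
    for u in urls:
        normalised = u if u.lower().startswith("http") else "http://" + u
        host = urlparse(normalised).hostname or ""
        if registrable_domain(host) not in LEGIT_DOMAINS:
            reasons.append(f"link to non-brand domain {host}")

    # 3. Article rule: the brand never sends authentication links by SMS,
    #    so a branded message carrying any link is suspicious on its own.
    if brand and urls:
        reasons.append("brand name with an SMS link")
    if lure != "none":
        reasons.append(f"{lure} lure wording")

    suspicious = brand and (bool(urls) or lure != "none")
    return Verdict(suspicious, lure, reasons)


# Constructed sample messages (not real traffic); hosts are reserved .test names.
SAMPLE_MESSAGES = [
    "NETFLIX: There was an issue processing your payment. To keep your services "
    "active, please sign in and confirm your details at "
    "http://netflix-billing.example-invalid.test/login",
    "NETFLIX: You have won a free year of streaming. Claim your reward: "
    "www.example-invalid.test/claim",
    "Your dentist appointment is tomorrow at 10:00. Reply C to confirm.",
]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        v = classify_sms(msg)
        print(f"suspicious={v.suspicious} lure={v.lure} reasons={v.reasons}")
```

Keyword lists like these produce false positives ("free" in "toll-free", for instance), so in practice the lure classification is best used as a scoring signal alongside the link check rather than as a standalone block rule. The link check is the stronger signal: a branded message whose link resolves to any domain outside the brand's own is almost never legitimate.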
To protect themselves, users are advised never to click on links from unknown sources, manually type URLs when unsure, and use security solutions to detect and block malicious sites. With just one click, attackers can exploit zero-day vulnerabilities to compromise devices and escalate their access, potentially leading to devastating consequences for users.