8FPH20-00080-01 CSIRT warns of phishing campaign in streaming service

Summary

The Computer Security Incident Response Team (CSIRT) has identified a phishing campaign through an email whose message tries to deceive users of the Streaming Netflix company.

The email indicates that a temporary membership block was made to keep the account secure and the account must be reactivated within 24 hours. The scammers provide a link to restore the account, prompting their victims to enter the link. The link directs you to a site similar to that of the Netflix company, where the attackers ask their victims for their account details and then redirect them to a new page to request the credit card details.

 

Observation

We request to take into account the signals of commitment as a whole

 

Commitment Indicators

Url’s:

https[://]wadirumdesert[.]com/new/wp-content/themes/neve/gutenberg/blocks/contact/

http[://]arquitecturadechile[.]cl/reply/TV/NETFLIX/netflix/Login/sign-in[.]php?id=2568711

 

Smtp Host

[88 [.] 208 [.] 236 [.] 214]

[59 [.] 157 [.] 133 [.] 2]

[74 [.] 208 [.] 252 [.] 44]

[59 [.] 106 [.] 13 [.] 154]

 

Sender

apache @ server88-208-236-214 [.] live-servers [.] net

maile9682 @ dream [.] jp

info @ patilcomputers [.] com

takahashi @ kochi-royal [.] com

 

Subject:

Netflix: Account Notification

 

Recommendations

Keep your platforms updated (Office, Windows, Adobe Acrobat, Oracle Java and others)
Evaluate the preventive blocking of commitment indicators
Keep all technology and threat detection platforms updated
Review the security controls of the AntiSpam and SandBoxing
Perform permanent awareness for users about these types of threats
View the websites that are entered that are official