We’re seeing a couple of different spam mails coming through which all loop back to Netflix in some way.
Here’s an Apple ID phish from the last few days which uses Netflix payments via iTunes as bait:
The email reads as follows:
Order Receipt No. 493092733
This email confirms your purchase of the following subscription:
Name of Subscription: Netflix 1S Plan
Name of Application: Netflix
Content Provider: Netflix, Inc.
Date of purchase: 29 March 2016
Subscription Period: 1 month
Price: £20.99
Payment Method: iTunes account
The subscription period will automatically renew unless you turn it off no later than 24 hours before the end of the current period. To cancel auto-renewal or manage your subscriptions, click below and sign in.
You can cancel a Subscription at any time: Cancel / Refund Subscriptions
Regards,
The iTunes Store team
The link leads to a non-Apple URL via the following redirection:
wastebale(dot)com/dt/dt(dot)php
to
usersidd(dot)net/uk/index(dot)php
The above page asks for Apple ID credentials. In testing, the page crashed when we tried to progress to the next page, so we can’t say for sure whether the site only wants logins or would subsequently ask for any form of payment information too.
Elsewhere, we saw this:
Your Netflix Account Is On Hold
Account On Hold
Sorry, but you have made too many unsuccessful attempts to verify your identity. Once that information has been updated, you can continue enjoying Netflix Please click the button below to get started.
–Your friends at Netflix
As you may well have guessed, the above email is most definitely not from your friends at Netflix. The clickable link is a bit(dot)ly URL which has had around 250 clicks so far, with the majority of clickers hailing from the UK, US and France:
bit(dot)ly/1UEQCQQ
At time of writing, the destination has been taken down:
Account Suspended, contact your hosting provider for more information
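Both lures depend on a link whose host does not belong to the brand named in the email. The following is an added example, not code from the original post, showing how a mail filter or analyst script could check each hop of a link chain against the brand it claims to come from. The brand allowlist, the shortener list and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains each brand legitimately links to (not exhaustive).
BRAND_DOMAINS = {
    "apple": {"apple.com", "itunes.com"},
    "netflix": {"netflix.com"},
}
# Assumed list of link shorteners that hide the real destination.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}

# Indicators exactly as written in the post (kept defanged in source).
APPLE_CHAIN = ["wastebale(dot)com/dt/dt(dot)php", "usersidd(dot)net/uk/index(dot)php"]
NETFLIX_CHAIN = ["bit(dot)ly/1UEQCQQ"]


def refang(indicator):
    """Turn defanged notation such as 'bit(dot)ly/x' back into a parseable URL."""
    url = indicator.strip().replace("(dot)", ".").replace("[.]", ".")
    if url.startswith("hxxp"):
        url = url.replace("hxxp", "http", 1)
    return url if "://" in url else "http://" + url


def host_of(indicator):
    """Lower-cased hostname of an indicator, or '' if none can be parsed."""
    host = urlsplit(refang(indicator)).hostname or ""
    return host.rstrip(".").lower()


def belongs_to(host, domains):
    """True only for a listed domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_chain(brand, chain):
    """Return (host, verdict) for every hop of a link or redirect chain."""
    allowed = BRAND_DOMAINS[brand]
    results = []
    for hop in chain:
        host = host_of(hop)
        if belongs_to(host, allowed):
            verdict = "brand"
        elif belongs_to(host, SHORTENERS):
            verdict = "shortener"  # destination unknown until expanded
        else:
            verdict = "mismatch"   # claims the brand, lands elsewhere
        results.append((host, verdict))
    return results
```

The suffix match on a leading dot is what stops a constructed lookalike such as `apple.com.example.net` from passing as an Apple host.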
It’s quite possible that more of these are doing the rounds, so if you have a Netflix account or have any sort of subscription via iTunes then please don’t entertain random requests for logins or mentions of billing irregularities. As with all of these scams, the best thing to do is navigate to the official website under your own steam and check if everything is as it should be.
Christopher Boyd