Attackers attempt to break bad with customers' credit card information
Daredevil hackers are targeting Netflix users with a new phishing
attack that attempts to break bad with their credit card details.
Security outfit FireEye discovers the scam, which targets binge watchers using an email asking them to update their Netflix membership details. If users are fooled into clicking the malicious link within the
email, they’ll find themselves directed to a legitimate looking Netflix
login page. One signed in, they will be asked to enter further details such as their name, date of birth, billing address and payment card information, and then directed to the official Netflix website.
As pointed out by FireEye, “the scam uses some clever techniques to evade phishing filters. The first is the AES encryption, which encodes the content presented at the client’s side, and host-based evasion to ensure the phishing pages are not displayed to users at certain IP addresses.“The host name of organisations such as ‘phishtank’ and ‘google’ are blacklisted,” FireEye explains. “The host name of the client is compared against a list of blacklisted host names. If there is a match against the blacklist, a “404 Not Found” error page is presented.
Here, the hackers add the IPs of Cybersecurity teams, which check the server for phishing script, in the blacklist. That means, when the Cybersecurity team checks the site for the phishing script, the server redirects them to a "404 - Page not Found" error. And that's why the phishing page remains and thus Unblocked.
The security firm goes on to note that the phishing campaigns it
observed are no longer active, so it’s unlikely this scam will bring
whole House of Cards down for the streaming giant. Stranger Things have
happened, though.
Hackers used two methods, the first involving a malware that tricked
people into believing they’ve downloaded official Netflix software.
Clicking on the dodgy file downloads a trojan in the form of
Infostealer. Banload, which is capable of lifting sensitive information
including banking details.
The second method, like this latest scam, targets users via phishing
campaigns that attempted to redirect people to a fake Netflix website.
Source: theinquirer.net
Here's a homework for our readers..
ReplyDeleteYou all have read the above article and came up with some new words like Phishing, FireEye, AES encryption, Malware and Trojans. Try to have some research on it.
Meanwhile I will carry on with my new posts and all the terms listed above will be covered in my upcoming tutorials.
Thanks..
Visit here for more information :
ReplyDeletehttps://www.fireeye.com/blog/threat-research/2017/01/credit_card_dataand.html
CONTACT: onlineghosthacker247 @gmail. com
ReplyDelete-Find Out If Your Husband/Wife or Boyfriend/Girlfriend Is Cheating On You
-Let them Help You Hack Any Website Or Database
-Hack Into Any University Portal; To Change Your Grades Or Upgrade Any Personal Information/Examination Questions
-Hack Email; Mobile Phones; Whatsapp; Text Messages; Call Logs; Facebook And Other Social Media Accounts
-And All Related Services
- let them help you in recovery any lost fund scam from you
onlineghosthacker Will Get The Job Done For You
onlineghosthacker247 @gmail. com
TESTED AND TRUSTED!