If you get an email from Netflix regarding a billing failure, stop. Wait a minute. Before you update your information, beware it may be a cyber attacker impersonating your streaming service to steal your personal and credit card information.
Here’s the scenario. The attacker sends an email impersonating Netflix Support informing recipients of a billing problem due to a failure to verify personal information. The email states the receiver has to update their details or the subscription will be canceled in 24 hours (sense of urgency = red flag). Clicking a link in the email will get you to a look-alike Netflix screen for the recipient to input a username, password, and even a valid credit card. Then you have hours/days of work getting a new card number and resetting passwords.
If you fall for a phish, report it as soon as possible. Cleaning up an active incident for 30 minutes is much easier than cleaning up one 30 days old.
What has been reported to firstname.lastname@example.org this past week?
- [Ext] invoice was paid – wanting the recipient to click on an attachment
- [Ext] Action Required: Password Notification 9/6/2022 – pretending to be from Microsoft, this offers the recipient to keep the same password, which is against UTHSC policy
- [Ext] Status of refund request #5863-MNFS-9578-KLHG – another phish wanting the recipient to click an attachment
- [Ext] BANKING INFORMATION CHANGE REQUEST – this was an attempt to change an employee’s banking information for direct deposit without the employee’s knowledge. Payroll has specific procedures in place to make sure this doesn’t happen.
- [Ext] office 365 Insurance – another phish wanting the recipient to click on an attachment. The similarity to these types reported last week is that there isn’t any information in the body of the email. There is only a Subject line and an attachment, so it is hard for a recipient to investigate if it is a phish. (Just forward these to Abuse and we can investigate for you.)
- [Ext] Fwd: Invoice – here is another one, attempting to look like it came from PayPal
- [Ext] lnv: 22703 – same thing – wanting the recipient to click on an attachment
- Attn: Office Shared Document – notice this one didn’t have the [Ext], but came from a compromised account from another UT campus