By Jonathan Davies
Netflix customer are being warned against a phishing scam which seeks to obtain login information.
Hackers have been sending emails, claiming to be Netflix, asking users to validate their account for security reasons - a pretty simple form of email scam.
A link is placed at the bottom of emails for users to validate their information in a 'secure' place. But it links to a fraudulent page where hackers can view and access the information.
Mark Sparshott, EMEA director at email security firm, Proofpoint, said: "The latest Netflix phish uses two classic URL obfuscation techniques that Proofpoint advise individuals to pay close attention to.
"Firstly, Hyperlinks are not always what they seem - the hyperlink "Link Text" you read in an email or website can be different from the "Link Address" / website that you are taken to when you click the link. So even though you see http://www.netflix.com/ on the link within the email, the link can be to http://www.badsite.com/. The lesson here is to always preview the "Link Address" before clicking a link.
"Hovering the mouse pointer over the Link Text on a PC or "long pressing" a link on most mobile devices will reveal the Link Address without activating the link. Secondly, Link Addresses are not always what they seem - the Link Address www.netflix.co.uk.officialsoundingdepartment.emailidentifier.n.etflix.co.uk/verifyyourid does not belong to Netflix.co.uk, it takes you to etflix.co.uk.
"The lesson here is to look for the first forward-slash "/" and read backwards from there to understand the actual website the link will take you to and bear in mind this may even be off screen initially on a mobile device due to the smaller screen size. There are many other obfuscation and attack techniques, see http://www.proofpoint.com/threatinsight/."
Earlier today, security experts warned iCloud users against a very similar email phishing scam. Following the leak of hundreds of nude celebrity images, apparently sourced from an iCloud hack, scammers have emailed users posing as Apple. Customers are asked to validate their account for security reasons.
Are you concerned about cyber security? You can email your reactions to email@example.com
Join us on