Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Fake Netflix Update Request by Text SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Fake Netflix Update Request by Text

In the past week, I have received texts asking to update my Netflix account information. It is obvious the URL listed in the text isn't Netflix. The text looks like this:

I downloaded the URL to see what the website look like using wget nfca03-novm19-h13[.]com which resolves to 146.0.76.74 located in the Netherlands. The webpage looks interesting but it is obvious it doesn't look like the real website. The inbound phone number is located in Canada and their real goal is to obtain fraudulent credit card information.

[1] https://whocallsinfo.com/6476146420
[2] https://isc.sans.edu/ipinfo.html?ip=146.0.76.74

-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Guy

448 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!