Cybersecurity company, FireEye, has discovered a phishing campaign heavily targeting U.S-based Netflix users. This campaign is designed to trick Netflix users into clicking a malicious link by attempting to convince them that they need to update their membership information. Once clicked, the link redirects users to a phony Netflix login page that requests login credentials and, on subsequent pages, billing address, and payment card information which, if submitted, sends the information to the attackers. FireEye has more information about this threat here. The NJCCIC assesses many US households are vulnerable to this phishing campaign and it is probable there will be numerous victims.
The NJCCIC recommends users log into Netflix directly through its URL to view or change account information and to never access their accounts through links sent in emails, text messages, or through social media platforms.