A recent SMS phishing campaign spoofed Netflix and encouraged recipients to click a fake link and login to a Netflix-themed phishing page. The domain itself contains a misspelling of "netflix". When the link is clicked, the recipient is presented with a Captcha, after solving it a fake Netflix login page is shown.

If  a user enters their login information, they are taken to a screen which solitics additional personal information, such as an address and date of birth. After this page, the user is presented with a page asking for payment card information.

In addition to banking, postal and other services used by Canadians, fraudsters also leverage popular entertainment services in order to trick Canadians into handing over their login credentials and credit card information.

IOCs

myaccoun1tnetflfixssl[.]info

62.122.184[.]241

[IOC Details]