The National CERT of the Republic of Serbia would like to inform and warn all citizens about an ongoing phishing campaign targeting the subscribers of Netflix and Spotify.

The users are sent a message via SMS or e-mail.

An example of a message that can be distributed via SMS may be as follows:

 “NETFLIX: There was an issue processing your recent payment. To keep your services active, please sign in and confirm your details at the following link”.

An example of a message that can be distributed via e-mail may be as follows:

 „We cannot proceed with payment. Your Netflix Premium payment method is not working, and we were unable to charge it.“

After accessing the link from the message, users are asked to enter their credit card information supposedly to confirm the subscription. The provision of the required data by the user enables the attackers to take over the user's bank account and withdraw the funds.

The National CERT recommends that all similar messages featuring subscription-related issues be taken with utmost caution, urging the users to pay attention to the Internet domain and only disclose their personal data at the official addresses: https://netflix.com or https://open.spotify.com/.   

The figures below features fake pages with a suspicious fraud-indicative web addresses.