Netflix phishing website targeting European users

A fake website simulating that of popular Internet video streaming Netflix has been set up to harvest European users’ personal and payment card information, warns Malwarebytes’ Jovi Umawing.

Located on a domain ( that mimics that of Neflix UK (, the site resembles its legitimate counterpart closely, and offers a free trial of Netflix.

In order to sign up for the service, users are asked to enter their name, address, mobile phone number, date of birth, payment card number, expiry date, and security code.

This is not the first time that phishers used this approach to harvest user information. A very similar Netflix-themed scheme has been spotted back in August.

As before, the typosquatting domain was registered mere days before they scheme was started, via the “Crazy Domains FZ-LLC” registrar. Unlike before, this new domain detects the visitor’s IP address and doesn’t load the page if a visit from the same IP was detected before.

This particular campaign is likely targeting UK and European users. The phishers used long URLs for the form pages, which is an effective tactic to trick users into believing that they are visiting a legitimate page, especially when using devices with small screens.

Users are directed to the phishing site via fake Netflix-themed advertising emails.

The site has been taken down in the meantime, but the fact that this (effectively) same campaign is used every so often indicates that the phishers consider it worth their time setting up. Users are advised to be careful when considering unsolicited email offers.

Netflix has been offering its video streaming services in the UK and parts of Europe since 2012. The latest expansion, in September 2014, included Austria, Belgium, France, Germany, Luxembourg and Switzerland.

Don't miss