Dec 21, 2010 08:23 GMT

Security researchers from Trend Micro warn of a phishing campaign targeting Netflix customers with emails claiming that their accounts were suspended.

The rogue emails cite credit card problems and instruct users to log into their accounts via the included link in order to update their payment information.

The messages are titled "Your Account Has Been Suspended" and read "We are sending this email to let you know that your credit card has been expired. To update your account information, please visit Your Account."

Phishers used a real Netflix email template when creating this campaign in order to add credibility to the messages. It bears the company's logo, disclaimer, contact information and color scheme.

The phishing attack works in two steps. The first is meant to steal Netflix account credentials: the advertised link takes users to a website mimicking the Netflix login page.

Once the victims input their credentials, they are redirected to a second page displaying a form to input credit card details and other financial information.

Netflix is a very popular movie streaming and rental service, estimated to account for over a fifth of daily US Internet traffic at peak hours.

The company is also expanding outside of the United States, with Canada recently becoming its first international venture.

History has repeatedly shown that increases in popularity always attract the attention of cyber criminals, who favor targets that give them access to big pools of potential victims.

This Netflix-themed phishing campaign follows a malware distribution campaign that targeted the company's customers back in September.

A wave of spam emails detected at the time posed as official communications from the company and directed users to a drive-by download website that silently infected their computers with malware.

People are advised to exercise caution when dealing with links in emails, even when they appear to originate from trusted sources. The real Netflix sign-in page is protected with SSL and its address should begin with https://www.netflix.com.
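The address check described above can be automated for mail filtering or user training. The following is an added example, not code from the article or from Trend Micro; it parses each link's host instead of matching a text prefix, because a lookalike host can begin with the same characters. The function names, the sample message and the `.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_HOST = "www.netflix.com"  # assumption: the one host the article names

def is_genuine_signin_url(url: str) -> bool:
    """True only for https URLs whose parsed host is exactly TRUSTED_HOST."""
    url = url.strip()
    if "\\" in url or any(ch.isspace() for ch in url):
        return False  # browsers and parsers disagree on such URLs
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return parts.scheme == "https" and host == TRUSTED_HOST and port in (None, 443)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body: str):
    """Return (href, text) for every link that fails the genuine-URL check."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [link for link in collector.links if not is_genuine_signin_url(link[0])]

# Constructed sample message; hosts under .example are placeholders.
SAMPLE = (
    '<p>To update your account information, please visit '
    '<a href="http://www.netflix.com.login.example/update">Your Account</a>.</p>'
    '<p><a href="https://www.netflix.com/Login">Sign in</a></p>'
)
```

Calling `suspicious_links(SAMPLE)` returns only the first link, whose visible text looks harmless while its host is not the genuine one.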
