There’s a new scammer on the block – and it is disturbingly good at imitating Netflix.

How it works

The attack starts with a phishing email that manages to bypass security filters and appears credible. Claiming to be from Netflix, the email tells the user that their account will be cancelled unless verification is provided within 24 hours, including a link that takes the user to a functioning CAPTCHA verification page. It is this element in particular that lends the scam legitimacy.

Once the CAPTCHA information is entered, the user is directed to a fake Netflix landing page, where they are prompted to enter their personal information and credit card details.

Armorblox, the security company which originally detected the scam, notes that users may possibly be left completely oblivious about what just took place: “Once the phishing flow was complete, targets were redirected to the real Netflix home page, none the wiser about being compromised.”

How to spot the scam

But the scam has plenty of tells for the scrupulous observer – for starters, the landing page url is axxisgeo.com, and not Netflix. Also, clicking virtually any other button on the page will simply refresh the page the user is already on.