Recipients have been receiving emails that appear identical to official Netflix and American Express communications.
In both cases, the ultimate goal is to convince customers to hand over their credit or debit card information. Microsoft has sent a couple of different tweets out about the issue. One of them assures customers that “Machine learning and detonation-based protections in Office 365 ATP protect customers against both campaigns.”
And another warned that “The Netflix campaign lures recipients into giving away credit card and SSN info using a ‘Your account is on hold’ email and a well-crafted payment form attached to the email.”
The unfortunate truth is that emails like the ones currently in play are extremely easy to craft and very compelling. The hackers simply play on the fears of the customer, making it sound as though if they don’t take immediate action they’ll lose access to a valued service they’ve come to rely on.
There’s essentially no cost to the hacker for pushing out hundreds, or even thousands of emails like the ones currently being used. For each victim that falls prey to the tactic, the costs can be enormous.
As ever, the first best line of defense is education and awareness. In addition to that, if there’s ever any question at all about the status of your account, the best thing you can do is to address the issue via another channel.
In other words, don’t simply reply to the email you received. Open a new tab, look up the company’s customer support number and call to verify. Doing so will tell you in short order whether the email you received was legitimate, or someone trying to separate you from your hard-earned money.