This scam email is nearly well designed. The scammers are using a template system to create individualized reports with specific recipient data.
This works like a mail-merge; the body of the email is generic, but the sender field is composed to show the name of the indicated victim, which personalizes the scam getting it more convincing.
In this case, the scammer’s method has not worked as well as they expected. we can observe that the ‘recipient’ field in the email has not been merged successfully.
Aside from the mistake with the recipient name field, this email looks quite acceptable. The message tells the designated victim that their Netflix billing data has been invalidated and urges them to update their details on the website. If the receiver clicks the link in the email they are delivered to a fake Netflix page, that asks them to log in and then enter their personal information, including credit card details.
Of course, this website is absolutely bogus and is just a device for the scammers to steal the victim’s identity and credit card data.
The fake Netflix site this scam is using is built on a conciliated WordPress blog. Scammers can break into WordPress sites by creating use of vulnerabilities in blog plugins and once in, they can make the website look enough like a real Netflix login page to trick their victims.
With the specific data the fake website form asks for: address; credit card details; driver’s license; mother’s maiden name; etc, the scammers could potentially achieve an identity theft and gain access to the victim’s bank records as well as their credit cards.